[prev in list] [next in list] [prev in thread] [next in thread]
List: websecurity
Subject: Re: [WEB SECURITY] Pretty-Bad-Proxy: An Overlooked Adversary in Browsers HTTPS Deployments
From: quigley () emerose ! com (Sam Quigley)
Date: 2009-05-28 16:32:55
Message-ID: 26487EB5-5C6D-40C9-8B9E-CD41B0EA426B () emerose ! com
[Download RAW message or body]
On May 28, 2009, at 5:53 AM, Paul Johnston wrote:
> Hi,
>> Pretty-Bad-Proxy: An Overlooked Adversary in Browsers� HTTPS
>> Deployments
>> http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
>>
> I agree, this is an excellent paper. I'm quite shocked the "proxy
> response rendered in HTTPS context" bugs have existed for so long,
> but hey, at least they're fixed now.
Well, "fixed" now. According to the paper, they're fixed in IE8 --
currently, what, ~5% market share? -- but not in IE7 or IE6 (~75%
market share?)...
I agree, though -- excellent paper.
-sq
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic