[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SSL weakness affecting links from pa

To: ARTURO GRAPA YSUNZA <[email protected]>
Subject: Re: SSL weakness affecting links from pa
From: Bill Stewart <[email protected]>
Date: Fri, 11 Apr 1997 23:01:42 -0700
Cc: "Mark M." <[email protected]>, "[email protected]" <[email protected]>, "[email protected]" <[email protected]>
In-Reply-To: <c=MX%a=_%p=BANACCI%l=CENTRALES/BARRANCA24/[email protected]>
Sender: [email protected]

At 01:54 AM 4/11/97 -0500, ARTURO GRAPA YSUNZA <[email protected]> wrote:
>See http://www.Microsoft.com/security/
>under "Credit Card Security Concerns and Microsoft's Response"
>for Microsoft's response on the SSL GET/POST weakness. �Any opinions?

Thanks for the pointer to MS's security site; there's a lot of
good information there.

I was highly unimpressed with Microsoft's Response:
	"It's Not A Security Flaw"
	"But Everybody Important Works Around It"
	"And we're fixing it in the next release"
without providing much detail about what's going on.
It does indicate what to look into to avoid it when writing web pages,
but it doesn't say how to avoid it when entering your credit card number
into a web page, or what to look for as a non-programmer user.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)

Follow-Ups:
- Re: SSL weakness affecting links from pa
  - From: Toto <[email protected]>
- Re: SSL weakness affecting links from pa
  - From: Tom Weinstein <[email protected]>

References:
- Re: SSL weakness affecting links from pa
  - From: ARTURO GRAPA YSUNZA <[email protected]>

Prev by Date: Re: Swedish Narcotics Police Demand Telephone Card Database
Next by Date: Re: A rant about economic distortions
Prev by thread: Re: SSL weakness affecting links from pa
Next by thread: Re: SSL weakness affecting links from pa
Index(es):
- Date
- Thread