Full Disclosure mailing list archives
Re: Fun with Foundstone
From: pagvac <unknown.pentester () gmail com>
Date: Thu, 16 Feb 2006 20:04:11 +0000
On 2/14/06, Jason Coombs <jasonc () science org> wrote:
orangeofficer () hushmail com wrote: https://download.foundstone.com/?o=^2155 Now that's just plain sloppy. But at least it's SSL-secured.
SSL provides privacy *not* security (web server/application is still vulnerable to attacks). Also, this https encryption can be beneficial for attackers to avoid IDS alarms if IDS is *not* located on the target server that provides the https connection.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/