[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] HTTP AUTH BASIC monowall.

To: Simon Smith <simon@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
From: Tim <tim-security@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Mar 2006 14:19:03 -0500

> Hence, why I want a technology to protect data and not a human being.

Wouldn't we all like that...  Sorry to break it to you, but it doesn't
exist.

In the interim, lobby your browser vendor to remove the ability to use
an SSLed webserver whose certificate isn't valid/trusted.  Then if you
remove your users' ability to change CA trust, you've gone a long way in
fixing the REAL problem you are trying to solve.

cheers,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Keith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Michael Holstein
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: bkfsec
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Tim
- Re: [Full-disclosure] HTTP AUTH BASIC monowall.
  - From: Simon Smith

Prev by Date: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Next by Date: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Previous by thread: Re: [Full-disclosure] HTTP AUTH BASIC monowall.
Next by thread: [Full-disclosure] Re: HTTP AUTH BASIC monowall.
Index(es):
- Date
- Thread