Re: sigHTTP comments?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi John,

Am Freitag den, 21. Juni 2002, um 18:31, schrieb John Stracke:

> I disbelieve.  All he would've had to do would be to modify the login
> form handler instead of the form itself.  As you've described it,
> SigHTTP does nothing for dynamic content.
I told the case too short. In real it was a combination of two servers.
The one central server, highly secured, used by multiple banks, 
containing the programming, database and so on.
A normal webserver as a starting portal for the bank clients, not very 
secure because 'they' thought it is of no security importance.
The intruder managed to change the starting html pages and direct the 
users to his own copy of the above mentioned central server.
These start pages are mostly of a static nature, only minor dynamic 
parts like timestamp, etc..
I think it may be better so sign these pages too, so a changed link to a 
fake server would not be possible. The real link was only an ip number, 
as was the changed one, so a normal user would not recognise the change.

> So how does the browser distinguish between a page whose signature was
> deleted by an attacker and one whose maintainer has stopped using
> SigHTTP?
I see now way of telling the difference between something missing 
intentionally and deleted.
It would be the duty of the user to check for the status of the page.
In case of https/SSL he has to check for the existence of the https:// 
or gets some browser popups informing him or sees the keylock symbol in 
the browser.
In case of SigHTTP he would have to look for some similar sign of a 
SigHTTP plugin or stand alone tool in the tast bar to check for him.

Otherwise: Are there any positive comments available for pushing up my 
weekend? :-)

with kind regards
--
Think Saftey
www.security-gui.de & www.sighttp.org


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]