Mailing List Archive




Re: tlug: Cache cow security hole



On Thu, 1 Oct 1998, Totoro wrote:

> Netscape's flaw does NOT involve encrypted information, as this is not
> stored in cache. I suppose if you are ordering something through a
> non-secure site (not many of these are left, are there?), then there
> might be a risk. So far nobody has reported such an attack, as this
> flaw is still described as "hypothetical" by Netscape. Then again,
> Edupage is quoting USA Today, so YMMV by a lot here.....

The author of the exploit specifically states that he did recover credit
card numbers from cache.  They were posted via https to forms using GET.
Since few forms do this, it is unlikely, but not impossible, to be
compromised this way.

Cheers,

Jonathan

---------------------------------------------------------------
Next Meeting: 10 October, 12:30 Tokyo Station Yaesu central gate
Featuring the IMASY Eng. Team on "IPv6 - The Next Generation IP"
Next Nomikai: 20 November, 19:30  Tengu TokyoEkiMae 03-3275-3691
---------------------------------------------------------------
Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp

