Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: tlug: Cache cow security hole
- To: tlug@example.com
- Subject: Re: tlug: Cache cow security hole
- From: Jonathan Byrne <jq@example.com>
- Date: Thu, 1 Oct 1998 21:26:47 +0900 (JST)
- Content-Type: TEXT/PLAIN; charset=US-ASCII
- In-Reply-To: <Pine.LNX.3.96LJ1.1b7.981001091426.5525A-100000@example.com>
- Reply-To: tlug@example.com
- Sender: owner-tlug@example.com
On Thu, 1 Oct 1998, Totoro wrote: > Netscape's flaw does NOT involve encrypted information, as this is not > stored in cache. I suppose if you are ordering something through a > non-secure site (not many of these are left, are there?), then there > might be a risk. So far nobody has reported such an attack, as this > flaw is still described as "hypothetical" by Netscape. Then again, > Edupage is quoting USA Today, so YMMV by a lot here..... The author of the exploit specifically states that he did recover credit card numbers from cache. They were posted https to forms using GET. Since few forms do this, it is unlikely, but not impossible, to be compromised this way. Cheers, Jonathan --------------------------------------------------------------- Next Meeting: 10 October, 12:30 Tokyo Station Yaesu central gate Featuring the IMASY Eng. Team on "IPv6 - The Next Generation IP" Next Nomikai: 20 November, 19:30 Tengu TokyoEkiMae 03-3275-3691 --------------------------------------------------------------- Sponsor: PHT, makers of TurboLinux http://www.pht.co.jp
- References:
- Re: tlug: Cache cow security hole
- From: Totoro <riley@example.com>
- Re: tlug: Cache cow security hole
- Prev by Date: Re: tlug: CD Recording issues
- Next by Date: tlug: YOW! Edict on a pilot!
- Prev by thread: Re: tlug: Cache cow security hole
- Next by thread: RE: tlug: Cache cow security hole
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |