Re: Security certificate negation by content provider

From: Dave Ahmed (daat_private)
Date: Sat Aug 25 2001 - 12:44:50 PDT

Next message: IT Resource Center : "security bulletins digest"

Previous message: Eddie Chandler: "Security certificate negation by content provider"
In reply to: Eddie Chandler: "Security certificate negation by content provider"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 25 Aug 2001, Eddie Chandler wrote:

> 1)  problem description:
>
> 	Content provider realnames.com removes security certificate
> 	after padding with its advertising.

Hmm, doesn't look like that is the case.  The problem seems to
be that the lock doesn't appear in the browser and there is no dialog when
one of the inner frame's contents originates from an https server (at
least not with my IE security settings).  If you view the properties of the
order page frame you will see that it is https with a valid certificate.

Dave Ahmad
Security Focus
www.securityfocus.com

Next message: IT Resource Center : "security bulletins digest"
Previous message: Eddie Chandler: "Security certificate negation by content provider"
In reply to: Eddie Chandler: "Security certificate negation by content provider"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Aug 25 2001 - 12:48:14 PDT