I think you may be
Missing my point. Any https Web site will show up in your browser if you enter http instead of https. I would consider CheckPoint light years better than Zone Alarm. Still that's my opinion.
View ArticleOWA 2003
Was a vast improvement over Exchange 5.5 and Exchange 2000. I use it exclusively, as I consider Outlook way not secure.
View ArticleI always check.
Also, with secure app writing (web apps) one should always add a check for SSL.you can't enter data from an HTTP form and post it to an HTTPS addy. not secure.you must be HTTPS first.So, you app should...
View ArticleIs it not because of speed?
Do we have both because in dial up days things were too slow when encrypted??or are there somethings that can't be?
View ArticleOkay, great!...
So these sites must be an example of transmitting logon in the clear?When I check the cert on the plain page the cert does show; this is also why I was relating the information about the privacy...
View ArticleWorks for me...
That's how I communicated with my buds in Iraq. My entire gmail session says SSL. At least you can see the https:\ and the padlock next to the refresh buttion. But then, I use IE 7.I thought Neon gave...
View ArticleNEON HELP!
I didn't mean to send you on a wild goose chase Michael! I think it was Neon or Seanferd that found that gmail SSL was leaky.Someone said they used wireshark and some other tools to find this out. It...
View ArticleI'm pretty sure
That I started the discussion with an article related to the fact that many sites weren't using https until the user signed in. Or if the site was using https, it would only use it for sign in and then...
View ArticleNoScripts may be of help
I was just checking my NoScripts setting and I rememebered that there is an https configuration tab. Noscripts will allow you to pick sites that NoScripts will force an https connection. I think that...
View ArticleKaminsky's bug
Michael: thanks for thinking through our discussion if "forcing https via .htaccess at the web server & scripting pages themselves to check they are working through https" works.I note your comment...
View ArticleNot my gmail!...
The indicators show SSL during the entire session! The "s" and the padlock! But someone told me the whole journey is not, in fact, encrypted.Some google routers and servers along the route tend to drop...
View ArticleDon't think so
They remove encryption once the traffic gets into the Gmail cluster, but until then along the path the traffic should remain encrypted. MitM attacks off course are possible, even by Google, but there's...
View Articlelooking at it now...
Initial connection ishttps://www.google.ca/accounts/....Login provided and rolling over to mail interfacehttps://mail.google.com/mail/....This is after correcting the user settingsBrowser connection: =...
View ArticleTried to tell 'em!...
but they won't listen. Even my clients in the school system have the sense to encrypt and attach.Thanks for the rep Neon! Saved by the bell!
View ArticleNo, I don't think so.
I think LongOfTooth's solution will actually work just fine. The SSLStrip tool needs to get original information via unencrypted HTTP. If you never send any HTTP requests, and start from the beginning...
View ArticleIt's a browser-side vulnerability. Fix it there!
It seems to me that this could be mitigated by the browser vendors by:- Attempting connection to HTTPS by default, if the address given does not specify a protocol (as GOu pointed out, most people just...
View Articleah.. so you need a shot of the page to make use of
Ah, so it'll spoof the page on the fly but you need an initial copy of it to inject then if I read correctly. Now to retire http and and make https the norm (cough.. TR login.. cough).
View ArticleBut caches get flushed and they expire automatically in a short period of
But caches get flushed and they expire automatically in a short period of time (usually 2 days). If it was accessed via DNS or DNSSEC, it means that you have accessed the web page at some point in...
View ArticleEven I don't notice
I'm pretty technically savvy, keep up on security issues and all, but even I don't notice the tiny lock icon or the "https" prefix most of the time. I wish the entire screen would change... the browser...
View Article