RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: Ralph Hilken <ralph.hilken@a...>
Subject: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
From: Elliotte Rusty Harold <elharo@m...>
Date: Tue, 6 Jan 2004 15:53:13 -0500
Cc: "'xml-dev@l...'" <xml-dev@l...>
In-reply-to: <65FB0B72BF5CD211980600104B102DC51912D4@i...>
References: <65FB0B72BF5CD211980600104B102DC51912D4@i...>

At 1:51 PM -0500 1/6/04, Ralph Hilken wrote:


>In addition to HTTP authentication not being deployed due to lack of
>popularity or experience with it, there are the recent "phishing"
>exploits publicized, with warnings published by E-Week:
>  http://www.eweek.com/article2/0,4149,1409700,00.asp
>  http://www.eweek.com/article2/0,4149,1399670,00.asp
>
>and Microsoft:
>  http://support.microsoft.com/?id=833786


These appear to not be directly related to HTTP authentication. They 
simply fool the user into thinking they are at a different site than 
they actually are. HTTP authentication and cookie based 
authentication are equally vulnerable to this style of social 
engineering.
-- 

   Elliotte Rusty Harold
   elharo@m...
   Effective XML (Addison-Wesley, 2003)
   http://www.cafeconleche.org/books/effectivexml
   http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA

References:
- RE: Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Ralph Hilken <ralph.hilken@a...>

Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Particip ation
Next by Date: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
Previous by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >