Re: [Repo-criteria-discuss] Savannah and HTTPS


From: Hanno Böck
Subject: Re: [Repo-criteria-discuss] Savannah and HTTPS
Date: Thu, 26 Jan 2017 10:27:35 +0100

Hi,

I wrote this four months ago:

On Mon, 19 Sep 2016 12:30:03 +0200
Hanno Böck <address@hidden> wrote:

> But second - more important - it's basically irrelevant, because the
> login page itself is served over http. Whatever the user selects there
> is already under full control of a potential attacker. Even though the
> login data usually is sent over https, this can easily be changed by
> an attacker with an ssl stripping attack.

Yet nothing happened until now.

The latest Firefox version 51 now warns about such insecure forms:
https://pbs.twimg.com/media/C29x6e2XcAEwOPv.jpg



-- 
Hanno Böck
https://hboeck.de/

mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
