[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation

• To: Ralph Hilken <ralph.hilken@a...>
• Subject: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• From: Elliotte Rusty Harold <elharo@m...>
• Date: Tue, 6 Jan 2004 15:53:13 -0500
• Cc: "'xml-dev@l...'" <xml-dev@l...>
• In-reply-to: <65FB0B72BF5CD211980600104B102DC51912D4@i...>
• References: <65FB0B72BF5CD211980600104B102DC51912D4@i...>

At 1:51 PM -0500 1/6/04, Ralph Hilken wrote:


>In addition to HTTP authentication not being deployed due to lack of
>popularity or experience with it, there are the recent "phishing"
>exploits publicized, with warnings published by E-Week:
>  http://www.eweek.com/article2/0,4149,1409700,00.asp
>  http://www.eweek.com/article2/0,4149,1399670,00.asp
>
>and Microsoft:
>  http://support.microsoft.com/?id=833786


These appear to not be directly related to HTTP authentication. They 
simply fool the user into thinking they are at a different site than 
they actually are. HTTP authentication and cookie based 
authentication are equally vulnerable to this style of social 
engineering.
-- 

   Elliotte Rusty Harold
   elharo@m...
   Effective XML (Addison-Wesley, 2003)
   http://www.cafeconleche.org/books/effectivexml
   http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA

• References:
  • RE: Re: Cookies at XML Europe 2004 -- Call for Participation
    • From: Ralph Hilken <ralph.hilken@a...>

• Prev by Date: Re: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Next by Date: RE: Re: Cookies at XML Europe 2004 -- Call for Particip ation
• Previous by thread: RE: Re: Cookies at XML Europe 2004 -- Call for Participation
• Next by thread: Re: Re: Cookies at XML Europe 2004 -- Call for Participation
• Index(es):
  • Date
  • Thread