Axley, Jason wrote: > I think that this trades one security problem for others in the > application security realm. Sites that allow for equivalent functional > duality in either HTTPS or HTTP protocols often suffer from problems > where the HTTPS site inadvertently references an HTTP URL instead of > HTTPS when doing something sensitive. Most people won't notice the > insecurity because the site "still works". I prefer when applications > break in insecure ways that they break loudly.
and the latest phishing http://www.techweb.com/wire/security/171100298;jsessionid=EE0OXQCFILSOEQSNDBCCKHSCJUMEKJVN New Phish Deceives With Phony Certificates A new, advanced form a phishing dubbed "secured phishing" because it relies on self-signed digital certificates, can easily fool all but the most cautious consumers, a security firm warned Thursday. ... snip ... --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]