xml-dev - RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation

[ Lists Home | Date Index | Thread Index ]

To: Ralph Hilken <ralph.hilken@artige.com>
Subject: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
Date: Tue, 6 Jan 2004 15:53:13 -0500
Cc: "'xml-dev@lists.xml.org'" <xml-dev@lists.xml.org>
In-reply-to: <65FB0B72BF5CD211980600104B102DC51912D4@igelbau.narvon.artige.com>
References: <65FB0B72BF5CD211980600104B102DC51912D4@igelbau.narvon.artige.com>

At 1:51 PM -0500 1/6/04, Ralph Hilken wrote:


>In addition to HTTP authentication not being deployed due to lack of
>popularity or experience with it, there are the recent "phishing"
>exploits publicized, with warnings published by E-Week:
>  http://www.eweek.com/article2/0,4149,1409700,00.asp
>  http://www.eweek.com/article2/0,4149,1399670,00.asp
>
>and Microsoft:
>  http://support.microsoft.com/?id=833786


These appear to not be directly related to HTTP authentication. They 
simply fool the user into thinking they are at a different site than 
they actually are. HTTP authentication and cookie based 
authentication are equally vulnerable to this style of social 
engineering.
-- 

   Elliotte Rusty Harold
   elharo@metalab.unc.edu
   Effective XML (Addison-Wesley, 2003)
   http://www.cafeconleche.org/books/effectivexml
   http://www.amazon.com/exec/obidos/ISBN%3D0321150406/ref%3Dnosim/cafeaulaitA

References:
- RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Ralph Hilken <ralph.hilken@artige.com>

Prev by Date: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
Next by Date: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Particip ation
Previous by thread: RE: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Next by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread