[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Repo-criteria-discuss] Savannah and HTTPS

From: Hanno Böck
Subject: Re: [Repo-criteria-discuss] Savannah and HTTPS
Date: Thu, 26 Jan 2017 10:27:35 +0100


I wrote this four months ago:

On Mon, 19 Sep 2016 12:30:03 +0200
Hanno Böck <address@hidden> wrote:

> But second - more important - it's basically irrelevant, because the
> login page itself is served over http. Whatever the user selects there
> is already under full control of a potential attacker. Even though the
> login data usually is sent over https, this can easily be changed by
> an attacker with an ssl stripping attack.

Yet nothing happened until now.

The latest Firefox version 51 now warns about such insecure forms:

Hanno Böck

mail/jabber: address@hidden
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Attachment: pgpyiICabazpC.pgp
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]