1997-04-12 - Re: SSL weakness affecting links from pa

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: ARTURO GRAPA YSUNZA <AGRAPA@banamex.com>
Message Hash: 8c1db1e260856d8a95f59fbe39ec6a88de8456e69553dd0143dc2b44066bba72
Message ID: <3.0.1.32.19970411230142.00643490@popd.ix.netcom.com>
Reply To: <c=MX%a=_%p=BANACCI%l=CENTRALES/BARRANCA24/00015C5B@mex3976bcaop1.banamex.com>
UTC Datetime: 1997-04-12 06:03:06 UTC
Raw Date: Fri, 11 Apr 1997 23:03:06 -0700 (PDT)

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 11 Apr 1997 23:03:06 -0700 (PDT)
To: ARTURO GRAPA YSUNZA <AGRAPA@banamex.com>
Subject: Re: SSL weakness affecting links from pa
In-Reply-To: <c=MX%a=_%p=BANACCI%l=CENTRALES/BARRANCA24/00015C5B@mex3976bcaop1.banamex.com>
Message-ID: <3.0.1.32.19970411230142.00643490@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:54 AM 4/11/97 -0500, ARTURO GRAPA YSUNZA <agrapa@banamex.com> wrote:
>See http://www.Microsoft.com/security/
>under "Credit Card Security Concerns and Microsoft's Response"
>for Microsoft's response on the SSL GET/POST weakness. ¿Any opinions?

Thanks for the pointer to MS's security site; there's a lot of
good information there.

I was highly unimpressed with Microsoft's Response:
	"It's Not A Security Flaw"
	"But Everybody Important Works Around It"
	"And we're fixing it in the next release"
without providing much detail about what's going on.
It does indicate what to look into to avoid it when writing web pages,
but it doesn't say how to avoid it when entering your credit card number
into a web page, or what to look for as a non-programmer user.


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)

Thread

• Return to April 1997

• Return to “ARTURO GRAPA YSUNZA <AGRAPA@banamex.com>”
• Return to “Bill Stewart <stewarts@ix.netcom.com>”
• Return to “Black Unicorn <unicorn@schloss.li>”
• Return to “Bryan Lyles <lyles@parc.xerox.com>”
• Return to “Bryce <bryce@digicash.com>”
• Return to “Eric Murray <ericm@lne.com>”
• Return to “Gary Howland <gary@systemics.com>”
• Return to “sameer <sameer@c2.net>”
• Return to “Tom Weinstein <tomw@netscape.com>”

• Return to “Toto <toto@sk.sympatico.ca>”

• 1997-04-11 (Fri, 11 Apr 1997 14:30:08 -0700 (PDT)) - Re: SSL weakness affecting links from pa - ARTURO GRAPA YSUNZA <AGRAPA@banamex.com>
  • 1997-04-12 (Fri, 11 Apr 1997 23:03:06 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Bill Stewart <stewarts@ix.netcom.com>
    • 1997-04-12 (Sat, 12 Apr 1997 00:41:36 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Toto <toto@sk.sympatico.ca>
    • 1997-04-14 (Sun, 13 Apr 1997 22:13:34 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Tom Weinstein <tomw@netscape.com>
    • 1997-04-14 (Sun, 13 Apr 1997 23:21:20 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Toto <toto@sk.sympatico.ca>
    • 1997-04-14 (Mon, 14 Apr 1997 02:04:06 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Tom Weinstein <tomw@netscape.com>
      • 1997-04-14 (Mon, 14 Apr 1997 09:20:14 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Black Unicorn <unicorn@schloss.li>
        • 1997-04-14 (Mon, 14 Apr 1997 11:31:24 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Eric Murray <ericm@lne.com>
        • 1997-04-14 (Mon, 14 Apr 1997 11:43:25 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Bryce <bryce@digicash.com>
      • 1997-04-14 (Mon, 14 Apr 1997 10:44:20 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Gary Howland <gary@systemics.com>
      • 1997-04-14 (Mon, 14 Apr 1997 12:34:53 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Bryan Lyles <lyles@parc.xerox.com>
      • 1997-04-14 (Mon, 14 Apr 1997 12:43:14 -0700 (PDT)) - Re: SSL weakness affecting links from pa - sameer <sameer@c2.net>
    • 1997-04-14 (Mon, 14 Apr 1997 11:19:31 -0700 (PDT)) - Re: SSL weakness affecting links from pa - Toto <toto@sk.sympatico.ca>