RE: RPC over HTTP security

From: Eric McCarty (eric_at_piteduncan.com)
Date: 01/28/05

  • Next message: Depp, Dennis M.: "RE: RPC over HTTP security" 
    Date: Fri, 28 Jan 2005 09:35:26 -0800
To: "Kevin Doheny" <kdoheny@CNP.net>, "Shawn Wall" <sjwall@shaw.ca>, <sf_mail_sbm@yahoo.com>, <security-basics@securityfocus.com>

    Your joking right.

    "SSL in and of itself provides very little security"

    That's why most of the internet uses it right?.

    Your gonna have to back up statements like yours with some serious
    factual backing otherwise your comments will be discarded as B.S coming
    form someone who doesn't know what they are talking about.

    E.

    -----Original Message-----
    From: Kevin Doheny [mailto:kdoheny@CNP.net]
    Sent: Friday, January 28, 2005 5:06 AM
    To: Shawn Wall; sf_mail_sbm@yahoo.com; security-basics@securityfocus.com
    Subject: RE: RPC over HTTP security

    SSL in and of itself provides very little security... Way to easy to
    hack. Look into a Neoteris (now Juniper) SSL VPN/Proxy. This way evil
    hack3r can not ride the SSL stream into your network and past any IDS or
    IPS systems.

    Kevin

    -----Original Message-----
    From: Shawn Wall [mailto:sjwall@shaw.ca]
    Sent: Wednesday, January 26, 2005 11:04 PM
    To: sf_mail_sbm@yahoo.com; security-basics@securityfocus.com
    Subject: RE: RPC over HTTP security

    Are you using Exchange? Why not use OWA and secure it with SSL?

    shawn

    -----Original Message-----
    From: sf_mail_sbm@yahoo.com [mailto:sf_mail_sbm@yahoo.com]
    Sent: Wednesday, January 26, 2005 6:03 AM
    To: security-basics@securityfocus.com
    Subject: RPC over HTTP security

    Hi List,
    We are thinking about deploying RPC over HTTP to access email from the
    Internet

    Wanted to get some information on the technology and the security
    implications of same

    Not much info from Microsoft's site

    any help would be greatly apreciated

    Thanks,
    Ronish

  • Next message: Depp, Dennis M.: "RE: RPC over HTTP security"

    Relevant Pages

    • [NT] Microsoft SSL Library Remote Compromise Vulnerability (MS04-011, Exploit)
      ... Get your security news from a reliable source. ... condition in the Microsoft Secure Sockets Layer (SSL) library. ... the PCT 1.0 protocol is disabled by default. ...
      (Securiteam)
    • [fw-wiz] Help- Nat-t
      ... Security of HTTPS ... > Is there some possibility of a MITM attack? ... HTTPS relies on SSL / TLS. ...
      (Firewall-Wizards)
    • Re: SSL Overhead?
      ... encryption - this is useless if there is a backdoor wide open. ... mention the fact that SSL has security issues as well. ... SSL systems. ... Try using regular TCP to send the data. ...
      (microsoft.public.dotnet.framework.compactframework)
    • Re: [fw-wiz] The Outgoing Traffic Problem --
      ... technology known as secure sockets layer, ... technology to break into computers, and they can use the same technology ... actually hire folks with clues and/or experience to do security postureing ... No SSL Firewalls!!!!! ...
      (Firewall-Wizards)
    • Net security software exposed
      ... The most commonly used security system to protect passwords over the ... A team at the Federal Institute for Technology in Lausanne said they had ... "It is the first time we have noticed a security problem in the SSL protocol ... SSL works by encrypting a password or credit card number, ...
      (sci.crypt)