Re: web info re: passport security problems?
From: S. Pidgorny [MVP] (slavickp@yahoo.com)
Date: 06/01/02
- Next message: RyanW: "Re: thenerds.net got hacked"
- Previous message: S. Pidgorny [MVP]: "Re: thenerds.net got hacked"
- In reply to: Robert Nagle: "web info re: passport security problems?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "S. Pidgorny [MVP]" <slavickp@yahoo.com> Date: Sat, 1 Jun 2002 18:20:55 +1000
Robert,
Marc Slemko does great job finding vulnerabilities in systems that use
cookies. Microsoft responds adequately, by issuing patches to client
software and modifying server configuration to narrow down window of
opportunity for a cookie thief. I would actually recommend Microsoft's
security site, and also bugtraq mailing list and the rest of
securityfocus.com.
I believe that XML Web Services security, which allows to use PKI and
Kerberos Internet-wide, will once provide replacement for cookie-based
security.
-- Svyatoslav Pidgorny, MS MVP, MCSE -= F1 is the key =- "Robert Nagle" <idiotprogrammer@yahoo.com> wrote in message news:fbef97c.0205312218.546e0a5c@posting.google.com... > I just finished a fascinating article about the theoretically problems > with the passport login system. http://avirubin.com/passport.html > > I also found the slemko article about a security hole > http://alive.znep.com/~marcs/passport/ > > Where is a good place to find the most current information about > passport security problems/risks? is the official ms site a bad place > for this information? > > Robert Nagle, Technical Writer Austin Texas > http://www.imaginaryplanet.net/weblogs/asiafirst/
- Next message: RyanW: "Re: thenerds.net got hacked"
- Previous message: S. Pidgorny [MVP]: "Re: thenerds.net got hacked"
- In reply to: Robert Nagle: "web info re: passport security problems?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
