The dangers of https, revisited

Fly · Jan 11, 2010

See this thread, the first post is a few years old: https://www.wilderssecurity.com/showthread.php?t=31087&highlight=https dangers

My question is not about theory or what is possible.

If anyone relies on an external filter or firewall to control web content (cookies, Java/VBScript, ActiveX, etc) then this filter will not do any filtering on HTTPS traffic (since all it sees is the encrypted data). So a site can, by using an HTTPS link, plant cookies or run code regardless of what restrictions you have set.
Click to expand...

Is this currently exploited, for malware, commercial or surveillance purposes ?

When I log into the website of my own bank, it manages to plant a Flash cookie, although I've tightened the Flash security settings as much as possible. I really don't like that.

Btw, I'm using Windows XP Home Edition SP 2 IE 7, tweaked settings.

Log in or Sign up

The dangers of https, revisited

Fly Registered Member

Log in or Sign up

The dangers of https, revisited

Fly Registered Member

Useful Searches