oDesk Time Tracker Vulnerabilities

When SSL is not enough

oDesk Time Tracker does not verify the SSL certificate of the host it connects to thus becoming vulnerable to various Man-in-the-Middle attacks (if an attacker is able to spoof DNS for team.odesk.com — say, by setting up a fake DHCP and DNS servers in the local network — or posion the DNS cache or whatever — this is [...]

← Вернуться к полной версии записи «oDesk Time Tracker Vulnerabilities»…

Связанные записи

Автор: Vladimir; опубликовано в: Безопасность; метки: MITM, nginx, oDesk, PHP, SSL, атака, спуфинг, уязвимость

15
Июнь
2009

Комментарии к статье «oDesk Time Tracker Vulnerabilities» (2) »

oDesk Time Tracker Vulnerabilities | Ars Longa, Vita Brevis « Site Super Tracker

Февраль 7, 2010 в 01:02

[...] Today found this great post, here is a quick excerpt : oDesk Time Tracker does not verify the SSL certificate of the host it connects to thus becoming vulnerable to various Man-in-the-Middle attacks (if an attacker is able to spoof DNS for team.odesk.com — say, by setting up a fake DHCP and … Read the rest of this great post Here [...]

Log in to Reply
oDesk Time Tracker Vulnerabilities « Безопасность « Ars Longa … « Site Super Tracker

Февраль 17, 2010 в 21:02

[...] Today found this great post, here is a quick excerpt : oDesk Time Tracker does not verify the SSL certificate of the host it connects to thus becoming vulnerable to various Man-in-the-Middle attacks (if an attacker is able to spoof DNS for team.odesk.com — say, by setting up a fake DHCP and … Read the rest of this great post Here [...]

Log in to Reply