oDesk Time Tracker Vulnerabilities

  1. Time Tracker does not verify the certificate of the host it connects to thus becoming vulnerable to various Man-in-the-Middle attacks (if an attacker is able to spoof DNS for team.odesk.com — say, by setting up a fake DHCP and DNS servers in the local network — or posion the DNS cache or whatever — this is doable). Далее »
Автор: , опубликовано в: Безопасность, комментариев: 3
15
Июн
2009