[conspire] Another XSS (was: OUCH!!! Fwd: SSL cracked)

Nick Moffitt nick at zork.net
Wed Sep 21 01:54:39 PDT 2011

Rick Moen:
> John Sokol's melodramatic misinterpretation notwithstanding, Rizzo and
> Duong did not 'crack SSL'.  

Furthermore, I'm still not convinced that this approach is at all novel.
It seems like a very close match to an attack identified by Gregory Bard
in 2004.  Of course Bard wrote an academic paper about it, and these
guys seem to be writing press releases.

A: No.
Q: Should I put my reply above quoted text?

More information about the conspire mailing list