[conspire] Another XSS (was: OUCH!!! Fwd: SSL cracked)
nick at zork.net
Wed Sep 21 01:54:39 PDT 2011
> John Sokol's melodramatic misinterpretation notwithstanding, Rizzo and
> Duong did not 'crack SSL'.
Furthermore, I'm still not convinced that this approach is at all novel.
It seems like a very close match to an attack identified by Gregory Bard
in 2004. Of course Bard wrote an academic paper about it, and these
guys seem to be writing press releases.
Q: Should I put my reply above quoted text?
More information about the conspire