[145059] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: TLS break

daemon@ATHENA.MIT.EDU (Chimpy McSimian IV, Esq.)
Wed Nov 11 10:43:09 2009

In-Reply-To: <20091110010823.GU24774@np305c2n2.ms.com>
Date: Tue, 10 Nov 2009 16:43:55 -0800
From: "Chimpy McSimian IV, Esq." <mr.monkey@gmail.com>
To: cryptography@metzdowd.com

On Mon, Nov 9, 2009 at 5:08 PM, Victor Duchovni
<Victor.Duchovni@morganstanley.com> wrote:

> attack, checking "Referrer" headers is no longer effective, so anti-CSRF
> defenses have to be more sophisticated (they *should* of course be more

Checking the Referer header never was effective. It's not even
guaranteed to be present, let alone true.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[145059] in cryptography@c2.net mail archive

Re: TLS break

daemon@ATHENA.MIT.EDU (Chimpy McSimian IV, Esq.)Wed Nov 11 10:43:09 2009

daemon@ATHENA.MIT.EDU (Chimpy McSimian IV, Esq.)
Wed Nov 11 10:43:09 2009