[22421] in bugtraq
Re: Security certificate negation by content provider
daemon@ATHENA.MIT.EDU (Dave Ahmed)
Sat Aug 25 15:54:09 2001
Date: Sat, 25 Aug 2001 13:44:50 -0600 (MDT)
From: Dave Ahmed <da@securityfocus.com>
To: Eddie Chandler <eddiec@arch.sel.sony.com>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <00d101c12d67$a0e83b20$b49ea740@bigdogs.selresearch.net>
Message-ID: <Pine.GSO.4.30.0108251338280.10509-100000@mail>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Sat, 25 Aug 2001, Eddie Chandler wrote:
> 1) problem description:
>
> Content provider realnames.com removes security certificate
> after padding with its advertising.
Hmm, doesn't look like that is the case. The problem seems to
be that the lock doesn't appear in the browser and there is no dialog when
one of the inner frame's contents originates from an https server (at
least not with my IE security settings). If you view the properties of the
order page frame you will see that it is https with a valid certificate.
Dave Ahmad
Security Focus
www.securityfocus.com
