Re: where is netscape 4 in testing?
At 2003-09-09T19:00:28Z, Joerg Rossdeutscher <ratti@gesindel.de> writes:
>> Whoa, sure it's interesting. Consider a man-in-the-middle SSL attack: now
>> somebody else owns everything you have.
> I always thought with a SSL-connection the man in the middle just gets
> useless "binary trash"? Am I wrong?
That was the whole point: Netscape 4 has quite a few known vulnerabilities.
It may very well be the case that a MITM could snoop a session from a
Netscape 4 browser's broken SSL implementation.
--
Kirk Strauser
Reply to: