Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

bigsanta11 · 21-05-2008, 17:24

"Questions raised about the security of EV-SSL

Sintonen demonstrated how the use of cross-site scripting could be used to prompt users for their login credentials and then send the credentials to an unauthorised server. Sintonen also injected code that caused a pop-up window to appear on the page and said the flaw could be used to steal user cookies."

http://www.pcadvisor.co.uk/news/index.cfm?newsid=13109&

Why steal cookies,seeing as the phorm pr has stated that nothing can be gained from them ?

21-05-2008, 17:24	#6962
bigsanta11 Inactive Join Date: Apr 2008 Posts: 59	Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] "Questions raised about the security of EV-SSL Sintonen demonstrated how the use of cross-site scripting could be used to prompt users for their login credentials and then send the credentials to an unauthorised server. Sintonen also injected code that caused a pop-up window to appear on the page and said the flaw could be used to steal user cookies." http://www.pcadvisor.co.uk/news/index.cfm?newsid=13109& Why steal cookies,seeing as the phorm pr has stated that nothing can be gained from them ?