SLUG Mailing List Archives - [chat] "Steal" data before encryption

To: SLUG-CHAT <slug-chat@xxxxxxxxxxx>
Subject: [chat] "Steal" data before encryption
From: Phil Scarratt <fil@xxxxxxxxxxx>
Date: Thu, 10 Jul 2003 22:07:08 +1000
Organization: Draxsen Technologies
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0

Hi All

Member of main list for awhile ... new to slug chat...

...is it possible (however unlikely or difficult it might be - or evenpointless due to other easier methods of doing effectively the samething) for a hacker/attacker to get access to data entered into a formin a browser on an SSL connection to a remote server BEFORE it isencrypted but after the form submit has been clicked - so I guess what Iam really asking is when/where does the encryption occur (I presume thebrowser does it) and is it possible to get at the data via some"backdoor" before encryption?????


or I guess this is really a browser vulnerability question...

I know keystroke loggers exist and presumably the data must exist inmemory at some stage so looking at the memory might work...just ahypothetical question really which came about from some research intosecuring web apps that I am doing.



--
Phil Scarratt

Follow-Ups:
- Re: [chat] "Steal" data before encryption
  - From: Matt M
- Re: [chat] "Steal" data before encryption
  - From: Felix Sheldon

Messages sorted by: [ date | thread ]
Prev by Date: [chat] Federal Open Source Legislation Democrats to introduce IT Bill
Next by Date: [chat] Re: Federal Open Source Legislation Democrats to introduce IT Bill
Previous by thread: Re: [chat] Re: Federal Open Source Legislation Democrats to introduce IT Bill
Next by thread: Re: [chat] "Steal" data before encryption