[Ach] Idea: catching old clients with sni

Adi Kriegisch adi at kriegisch.at
Tue Nov 12 23:18:55 CET 2013


> On 12.11.2013, at 16:51, Adi Kriegisch <adi at kriegisch.at> wrote:
> > I think this could be a hint for site operators still caring for users of
> > very old browsers. What do you think? Is this worth a hint in our paper?
> Site operators could even disable login forms or other means where users submit data in an unsecure way on that fallback host to protect users while suggesting an incentive to upgrade their browsers. (Or to bug the IT department to do so.)
Absolutely. But these changes require modifications at the application level
and this is not feasible in many situations (or worse: introduce
different weaknesses).

-- Adi