That's my point, if a connection can only be established via SSL how can some one sidejack without either degrading the connection, or having physical access to the machine.
In all modern instances I've seen owa deployed, it requires SSL out of the box. On Oct 25, 2011, at 7:45 PM, Darren McDonald <[email protected]> wrote: > On 26 October 2011 00:30, William Reyor <[email protected]> wrote: >> How would a remote attacker be able to read my systems memory? >> > > ... how would someone gain access to your session token? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
