On Tue, Apr 08, 2014 at 01:33:51PM -0400, David Blank-Edelman wrote: > On Apr 8, 2014, at 9:48 AM, Paul Graydon <p...@paulgraydon.co.uk> wrote: > > > There is ample proof this morning that it can be used to acquire yahoo > > credentials with ease as Yahoo remains unpatched. > > So I’ve seen the screen shot too that went around, but I have to > admit, I’m curious about the mechanics behind that. Would anyone care > to speculate just how you use this bug to grab credentials in that > way from them? I can hazard a partial guess, but I’d like to hear if > others have any more technical detailed thoughts on how this was > done. > > — dNb
Haven't seen the screenshot, but at least in my head I'm envisioning snagging private keys than capturing corresponding traffic and being able to decrypt it. Ray _______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
