Australian Edition ▼

US Edition
UK Edition

POPULAR: security , data , banks

Home News

Web/client
Networks
Applications
Cloud
Risk
Crypto
Hackers
Messaging

In Depth

Features
Opinions

Reviews

Anti-malware
Authentication
Border Protection
Risk
Services

Events SC Awards

WHAT WE'RE FOLLOWING: AusCERT2012 • Print edition • Jobs • Fixer

Home / In Depth / Opinions

Username:

* Username required

Password:

* Password required

Remember me | Forgot your password?

Don't have an account? Register now!

Enter the email address you used to register your SC Magazine account and we'll send you a new password:

Email:

* Email required

* Invalid Email address

Click here to return to Login Form

Join the SC Magazine community

Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.

1) Login Details

Username*

* Username required

Email*

* Email address required

* Invalid Email address

Password*

* Password required

Confirm Password*

* Password confirmation required

* Passwords don't match!

2) About You

First Name*

* First name required

Last Name*

* Last name required

Country*

* Country req'd

State*

* State required

Post Code*

* Post Code req'd

Job Title*

* Job Title required

Company Name*

* Company required

Approximate number of employees in your organisation:*

* No. of employees required

Industry*

* Industry required

I currently purchase or influence the purchase of computer security related services and/or applications:*

* Purchase or influence required

3) Bulletins Receive the latest security news and reviews directly to your inbox. Tailor your information by selecting your areas of interests below:

Daily security bulletin

Daily security bulletin
Delivered daily, the SC Magazine bulletin keeps you up to date on the latest security news from Australia/NZ and around the world.

Special Offers and Promotions

SC Magazine will keep you up to date with special offers, promotions, competitions and new products from carefully selected third parties and partners of SC Magazine.

At no time will your email be provided to any other company.

I have read and accept the Privacy Policy and Conditions of Use of registration*

* You must agree to the Terms & Conditions to register an account

Already have an account? Log in here.

Please check your email

A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.

If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.

Wasn't that encrypted?

By Ken Munro on Jan 22, 2008 11:26 AM
Filed under Applications

Encryption is pointless if not applied to an entire session. It only gives users a false sense of security.

Consumers are advised to "look for the padlock when browsing and your identity will be safe". As security professionals, we all know it's a bit more complex than that, but the principle is sound, isn't it? Sessions are used by web applications to identify authenticated users. The session is passed with your HTTP request to ensure that only you have access to your account. Make the session value long and random, pass it only over encrypted HTTPS, and you have a secure application. Or at least, that has always been the assumption. Facebook is an example of how its possible ...

You must be a registered member to access this content.
Please Sign in below or Register now.

NOTE: This Feature is more than 7 days old.
Please login to view the rest of this article

Registered users may log in here.

Username:

Password:

Remember me

Login or Register now and get unlimited access.

Why sign up?

Unlimited access to SC Magazine content as well as access to to our global resources from SC Magazine US and UK editions.
Full use of over 11,000 articles database covering breaking news, video interviews, case studies, research, product reviews and exclusive features with fast and intuitive filtering of results.
Personalised "Recommended for you" filters to ensure you have the most relevant content at your finger tips.
Daily security bulletin direct to your inbox covering the latest security news from Australia/NZ and around the world.

Register now, its free! We'll never sell your details to third parties and it helps SC Magazine to keep serving you quality stories.

FOLLOW US...

Please check your email

Wasn't that encrypted?

Encryption is pointless if not applied to an entire session. It only gives users a false sense of security.

Most Read