I share the same concern; can the inbound services we offer via the internet using Sun iPlanet be penetrated without being detected since the attack is transported within SSL? For example IMAP/HTTP/SSL/TCP/IP. I would like for someone to convince me that my concern is unfounded. Any takers? >proberts@patriot.net wrote: >An attacker uses an SSL-enabled tool to compromise a >web server. This tool just happens to exploit the >latest discovered >vulnerability. The server, >unfortunately, hasn't yet been patched. The tool >uses >SSL to get past firewalls and IDSs, and that's the >key, since the >site's network has an IDS that would >have been triggered had the tool used >clear-text >HTTP. Now the attacker has control of one box, and >can use it to >compromise the entire network -- all >over SSL and practically invisible to >the watchers. Find the best deals on the web at AltaVista Shopping! http://www.shopping.altavista.com - [To unsubscribe, send mail to majordomo@lists.gnac.net with "unsubscribe firewalls" in the body of the message.]