On Thu, 08 Sep 2011 21:23:50 +0200 polishcode <[email protected]> wrote:
> Please refer to the link I supplied above: > http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2. > > What else could it transmit? Everything or nothing. False sense of security is worse than no security. Opera is arguably better but still pointless without a secure connection. If the connection is not secured by Opera then an attacker can just forge the content, If it is secured then Opera can send back anything they like such as your browser history or worse for all we know. There is a proposal for DNSSEC to be used though the encryption for DNSSEC was poorly chosen (RSA) and so key sizes limited in size by the DNS record system. With DNSSEC the problem of DOS would still be true too. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
