On Sun, Sep 07, 2003 at 09:46:02PM +0200, Joerg Rossdeutscher wrote: > Am So, 2003-09-07 um 21.11 schrieb Mario Vukelic: > > You probably don't even get security fixes fo NS 4 anymore! > > Uninteresting, since one would use NS4 only with the bank's site. They > don't need to hack me. They own everything I have... :-)
Whoa, sure it's interesting. Consider a man-in-the-middle SSL attack: now somebody else owns everything you have. This is a real example, although I don't know if Netscape 4 has such vulnerabilities. IE was reported as having such a vulnerability last year. It is certainly not the case that you only need to worry about sites you visit, since given such a browser vulnerability anyone who happens to control or take control of a router between you and your bank can hijack what you think are secure connections. Attackers on your local network could even spoof ARP traffic to make your system think that theirs is the router. It's a tough world out there. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
