Hi Mitchell RE: If you're talking about an attacker sitting at the victim's keyboard, there's nothing we can do about that.
I am concerned with tampering at the local workstation because it requires so little expertise to replace the logon XUL/javascript dialogs to capture passwords, etc. I understand that it is probably impossible (???) to prevent/identify any binary OS/Mozilla components being replaced but with XUL/ javascript its virtually an open invitation for unskilled hackers to undermine the security of the organisation they work for - assuming Mozilla files are installed locally. I'm only tying to address one of the more obvious objections to Mozilla that IT managers may raise. That all :) PS Don't get me wrong. I'm a Mozilla fan!! Mitchell Stoltz" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > rvj wrote: > > My concern with Mozilla is the ability of almost any javascript hacker to > > replace some of the chrome files > > Replace chrome files how? Do you know of a way for an attacker to do > this remotely? If so, please let me know, as we consider that very > serious. If you're talking about an attacker sitting at the victim's > keyboard, there's nothing we can do about that. > > > > Unlike modifying C++ components (operating system or otherwise) , javascript > > hacking requires VERY little experise > > to capture passwords etc. > > Again, that assumes the attacker has a way of replacing those files. If > they have a way of replacing files, they could replace chrome or native > components, or the whole OS for that matter. > > -Mitch >