Worse,
they offer development tools for building add-ons which build in their
"tracking" features. So there may be Mozilla add-ons with their
tracking code that aren't labelled as being from "wips.com".
Once the tracking code has been identified, all add-ons need to
be ch
ng bars like that are seen on multi-level secure systems in some
DoD environments. (They say things like "SECRET NOFORN" in that
environment.) There's no way to turn them off.
John Nagle
"Work for mankind, not for the man" - Mozil
irewall is listening in, the
user is informed. This is consistent with Mozilla's
"work for mankind, not the man" policy.
John Nagle
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
" and ".net".
If someone is mounting an attack, it would probably be in those TLDs.
If Network Solutions wants an exception for "grandfathered"
domain names, let them publish a list of those domains for public
comment. Is the problem big enough to worry about?
entation effort, there don't seem to be all
that many IDN domains.
John Nagle
mmunity members work for
companies with that kind of policy.
Any bypass mechanism should result in a user-visible display.
Perhaps a notification like "Your access to this page is being
observed by "
John Nagle
-3372
They're not a CA trusted by Mozilla, apparently.
John Nagle
On 6/29/2012 5:44 PM, Devdatta Akhawe wrote:
If we proxy the requests, I would recommend opt out (on by default).
Why not try implementing this as an add-on and see if anybody
uses it?
John Nagle
On 6/21/2012 3:40 PM, Kevin Chadwick wrote:
I don't see why multiple standard queries have
any bearing, DNS queries are cheap.
No-find TLD queries are surprisingly slow. Try a few.
John Nagle
'193.223.78.213', 80)]
TO -- [('216.74.32.107', 80)]
UZ -- [('91.212.89.8', 80)]
VI -- [('193.0.0.198', 80)]
WS -- [('64.70.19.33', 80)]
XN--O3CW4H -- [('203.146.249.130', 80)] (ไทย, the Thai TLD.)
About half of those IP addresses have a live web
nk.
Google Chrome has a different (and probably better) system
for resolving this ambiguity - it asks you which one you want.
John Nagle
On 6/15/2012 4:36 AM, Gervase Markham wrote:
On 14/06/12 19:55, John Nagle wrote:
Top-level A records are already allowed. Try
http://ai/
The CCTLDs have a different arrangement with ICANN from the GTLDs. ICANN
has a lot less control over them. Can you find a GTLD where there is a
would generate? If every single-word
search query goes out as a DNS query, each new word makes it to
the root servers as a TLD query before generating an NXDOMAIN reply.
Will this DDoS the DNS root servers?
John
people
are expecting that, or can you point to the place in the ICANN
guidelines about these TLDs where top-level A records are allowed?
Top-level A records are already allowed. Try
http://ai/
John Nagle
On 6/6/2012 8:13 AM, Johnathan Nightingale wrote:
On Jun 6, 2012, at 2:32 AM, John Nagle wrote:
On 6/5/2012 9:34 AM, Gervase Markham wrote:
On 04/06/12 19:10, John Nagle wrote:
Single-word domain names are about to become a common form of
URL.
Until now, this was mostly a curiosity
's quite common, though, for a big name to
be on the list for a day or two. For example, "flickr.com"
and "tinyurl.com" were on the list for a few hours recently.
"charter.com" was on for a week. Is Mozilla willing to pull
a major site from a whitelis
or.
Whitelisting has problems of its own. At one point,
the Google Toolbar was widely considered spyware. Google would
be unlikely to blacklist their own product.
John Nagle
On 6/5/2012 9:34 AM, Gervase Markham wrote:
On 04/06/12 19:10, John Nagle wrote:
Single-word domain names are about to become a common form of
URL.
IMO, Mozilla should not be in favour of this type of word hijacking.
"www.nike", fine. Bare "nike", no. But then, maybe it
On 6/4/2012 12:34 PM, Zack Weinberg wrote:
On 2012-06-04 12:29 PM, John Nagle wrote:
The main change is that, for today's TLDs, few bare TLDs resolve
to an IP address. Corporate TLDs ("facebook", "pepsi", etc.)
probably will resolve to an IP address.
Are you aware o
On 6/4/2012 12:11 PM, Boris Zbarsky wrote:
On 6/4/12 2:10 PM, John Nagle wrote:
Is DNS always preferred over search?
At the moment, yes. Otherwise lots of intranet stuff that uses search
domains would fail too.
OK, that's good enough for now.
The main change is that, for to
gest" use DNS information?
John Nagle
On 4/26/2012 1:07 PM, alex.mayo...@gmail.com wrote:
On Thursday, April 19, 2012 9:21:14 PM UTC-5, ianG wrote:
On 20/04/12 06:13 AM, Wan-Teh Chang wrote:
On Thu, Apr 19, 2012 at 12:39 PM, John Nagle wrote:
Check out
https://easyabc.95599.cn/commbank/netBank/zh_CN/CommLogin.asp
which is the
Check out
https://easyabc.95599.cn/commbank/netBank/zh_CN/CommLogin.aspx
which is the Agricultural Bank of China. They have
an EV cert signed by Mozilla, but Mozilla isn't displaying the
correct info.
John Nagle
Site
have never seen this warning
before for this site.
John Nagle
SiteTruth
On 3/29/2012 6:13 PM, ianG wrote:
On 30/03/12 02:38 AM, John Nagle wrote:
On 3/29/2012 3:42 AM, Kevin Chadwick wrote:
On Tue, 27 Mar 2012 18:29:29 -0700 John Nagle wrote:
Anything that takes a credit card should have at least
"organization validated".
Can you actually think o
On 3/29/2012 3:42 AM, Kevin Chadwick wrote:
On Tue, 27 Mar 2012 18:29:29 -0700
John Nagle wrote:
Anything that takes a credit card should have at least "organization validated".
Can you actually think of a reason for that?
Anonymous online businesses are illegal.
It
per
signing, they're far too expensive for blogs.
John Nagle
SiteTruth
n should be restricted to that domain, and that
needs to be enforced.
There's a discussion on sub-CA policy going on now over on
mozilla.dev.security.policy. Check that out.
John Nagle
ion now, in SiteTruth's browser add-ons.
We look up the business specified in the cert, and check out
its identity, location and financials. We're looking forward
to tightening up the rules after July 12.
John Nagle