On 04/05/09 20:27, Andrews, Rick wrote:
Are there any safeguards in place to prevent this hack from succeeding?
Of course not. Code is code - you can make it do anything. It's just
ones and zeroes. They could make the hacked version show your evil
website while having the URL bar display
Hi,
Let's say I'm a hacker with access to a public kiosk,
[...]
I then install that version of Firefox on the kiosk.
Simple: You should not be able to do that (if the kiosk is correctly
configured). If the hacker can install arbitrary code, he could also
install a rootkit with a keylogger or
A customer asked this question, and I couldn't answer it.
Let's say I'm a hacker with access to a public kiosk, and I want users
of that kiosk to see the EV green toolbar when they use the kiosk to
visit my hacked web site. My web site is configured with an SSL cert
signed by my own root.
I
in a public
computer because a
hacked browser may steal it it.
Anders
- Original Message -
From: Andrews, Rick randr...@verisign.com
To: dev-tech-crypto@lists.mozilla.org
Sent: Monday, May 04, 2009 21:27
Subject: Hacking Firefox
A customer asked this question, and I couldn't answer it.
Let's
On 2009-05-04 12:27, Andrews, Rick wrote:
A customer asked this question, and I couldn't answer it.
Let's say I'm a hacker with access to a public kiosk, and I want users
of that kiosk to see the EV green toolbar when they use the kiosk to
visit my hacked web site. My web site is configured
On 4/5/09 22:04, Nelson Bolyard wrote:
A very similar hack has already been done. It's a Firefox extension that
(IIRC) silently installs some roots and shows the green bar for
(some of) the certs that chain up to those roots. See it at
https://addons.mozilla.org/en-US/firefox/addon/4828
Nice,
Ian G wrote, On 2009-05-04 13:26:
On 4/5/09 22:04, Nelson Bolyard wrote:
A very similar hack has already been done. It's a Firefox extension
that (IIRC) silently installs some roots and shows the green bar for
(some of) the certs that chain up to those roots. See it at
7 matches
Mail list logo
