Re: Strawman proposal for SSL UI changes

2005-03-15 Thread Gervase Markham
Frank Hecker wrote: What's your and Dan's motivation for doing that? Because the domain name as displayed in the address bar may be misleading (e.g., by people doing tricks to spoof the name as displayed)? There were several reasons behind the decision. There is discussion in

Re: about bug 286107 : Remember visited SSL details and warn when changes, like SSH

2005-03-15 Thread Gervase Markham
Jean-Marc Desperrier wrote: I have some comments about this request, but I'm not sure inside the bug is the best place. Anyway the bug is about implementing some things that have been discussed here recently. I'm not convinced by the let's add another warning side of this bug. Especially when I

Re: about bug 286107 : Remember visited SSL details and warn when changes, like SSH

2005-03-15 Thread Jean-Marc Desperrier
No time to comment, but just note that I had set the follow-up to npm.security in my newsgroup message. Apparently the mail gateway can't handle that. I think it would be better to continue discussing it in .security and not .crypto. I unfortunately probably will have to leave the discussion,

Re: Some Non-Critical Secunia Advisories

2005-03-15 Thread Nate
On 15 Mar 2005 13:33:53 GMT, Christopher Jahn [EMAIL PROTECTED] wrote: Allen Farley [EMAIL PROTECTED] wrote in news:d14voe$hug8 @ripley.netscape.com: Just got these for Mozilla, Firefox and Thunderbird today. All are listed as 'Save Link Target As... Status Bar Spoofing Weakness' and all

Re: Some Non-Critical Secunia Advisories

2005-03-15 Thread Allen Farley
Christopher Jahn wrote: Allen Farley [EMAIL PROTECTED] wrote in news:d14voe$hug8 @ripley.netscape.com: Just got these for Mozilla, Firefox and Thunderbird today. All are listed as 'Save Link Target As... Status Bar Spoofing Weakness' and all have the same solution: 'SOLUTION: Never save files

Re: Some Non-Critical Secunia Advisories

2005-03-15 Thread Nate
On Tue, 15 Mar 2005 10:51:26 -0500, Allen Farley [EMAIL PROTECTED] wrote: From the article: The weakness has been confirmed in version 1.0.1. Other versions may also be affected. I also tested the sample code with FF 1.0.1, and they are right. It's not unusual for me to save a zip (because I

Re: Some Non-Critical Secunia Advisories

2005-03-15 Thread Ian G
Nate wrote: ...and it occurs to me yet once again, that one big reason for the proliferation of spam, spyware, viruses and on and on ad nauseam is that the bad guys hardly ever suffer any punishment. It's like burglars being allowed to try as many doors as they want to. Yup. And, no matter how

Re: Strawman proposal for SSL UI changes

2005-03-15 Thread HJ
Gervase Markham wrote: Frank Hecker wrote: What's your and Dan's motivation for doing that? Because the domain name as displayed in the address bar may be misleading (e.g., by people doing tricks to spoof the name as displayed)? There were several reasons behind the decision. There is

Re: Strawman proposal for SSL UI changes

2005-03-15 Thread Gervase Markham
HJ wrote: I have a Yahoo e-mail account, and that uses SSL for logins. Are you talking about the free Yahoo webmail or paid Yahoo e-mail accounts? This was Dan's example; and I think he meant the login page was unencrypted but submitted to an encrypted target. Amazon does this also, I've

Re: about bug 286107 : Remember visited SSL details and warn when changes, like SSH

2005-03-15 Thread Heikki Toivonen
Jean-Marc Desperrier wrote: I'm not convinced by the let's add another warning side of this bug. Especially when I see the reporter suggesting to put it inside a pop-up dialog. Dialogs have proven until now they don't work, so why would this one be any different? As the reporter (I wasn't the