Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-30 Thread Ray_Net
Robert Kaiser wrote: Ray_Net schrieb: How to kill Java on my machine (win7) and/or when using IE(or SM) On SM it should be as easy as going into the Add-ons Manager, select Plugins, and deactivate it from there. No idea about Windows/IE as I keep my hands off proprietary software as much as I

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-30 Thread NoOp
On 09/30/2011 07:17 AM, Robert Kaiser wrote: > NoOp schrieb: >> I'm not sure I fully understand (or probably ever will)... >> >> {(CVE-2011-3389) Rizzo/Duong chosen plaintext attack on SSL/TLS 1.0 >> (facilitated by websockets -76)] >> doesn't s

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-30 Thread Robert Kaiser
NoOp schrieb: I'm not sure I fully understand (or probably ever will)... {(CVE-2011-3389) Rizzo/Duong chosen plaintext attack on SSL/TLS 1.0 (facilitated by websockets -76)] doesn't seem to indicate java, but instead nss as being the issue. So

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-30 Thread Robert Kaiser
Ray_Net schrieb: How to kill Java on my machine (win7) and/or when using IE(or SM) On SM it should be as easy as going into the Add-ons Manager, select Plugins, and deactivate it from there. No idea about Windows/IE as I keep my hands off proprietary software as much as I can. Robert Kaiser

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-30 Thread Ray_Net
Robert Kaiser wrote: NoOp schrieb: Blocking all versions of Java on all versions of Firefox + SeaMonkey? Yes. Seriously? Yes, as it's a security hazard and we don't know of any plans of Oracle to fix it. Are you referring to this: https://bugzilla.mozilla.org/show_bug.cgi?id=689661 [Bloc

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-30 Thread Ray_Net
THAT'S NOT an answer - PLEASE REFRAIN TO INSIST - YOU DID NOT FOLLOW THE ETIQUETTE WHEN NOT ANSWERING. NoOp wrote: On 09/29/2011 05:27 PM, d...@kd4e.com wrote: In addition to HTML 5 supposedly displacing some of the needs for Java, wasn't there a project of some sort that provided for an open-

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-30 Thread Lucas Levrel
Le 29 septembre 2011, d...@kd4e.com a écrit : In addition to HTML 5 supposedly displacing some of the needs for Java, wasn't there a project of some sort that provided for an open-source substitute for Java ... or was that just a silly dream? There exists IcedTea (at least on Linux, which you

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread NoOp
On 09/29/2011 05:27 PM, d...@kd4e.com wrote: > In addition to HTML 5 supposedly displacing some of the needs for Java, > wasn't there a project of some sort that provided for an open-source > substitute for Java ... or was that just a silly dream? > I think that you've been reminded of this befor

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread NoOp
On 09/29/2011 05:12 PM, Robert Kaiser wrote: > NoOp schrieb: >> Thanks for the clarification. Java goes off until either Mozilla and/or >> Oracle fix _their_ issues. > > To be clear, those issues are completely on Oracle's side, the Mozilla > code doesn't have an issue wrt Java, and the other maj

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread d...@kd4e.com
In addition to HTML 5 supposedly displacing some of the needs for Java, wasn't there a project of some sort that provided for an open-source substitute for Java ... or was that just a silly dream? Thanks for the clarification. Java goes off until either Mozilla and/or Oracle fix _their_ issues.

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread Robert Kaiser
NoOp schrieb: Thanks for the clarification. Java goes off until either Mozilla and/or Oracle fix _their_ issues. To be clear, those issues are completely on Oracle's side, the Mozilla code doesn't have an issue wrt Java, and the other major plugins are safe as well as we found out. The Java p

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread NoOp
On 09/29/2011 03:50 PM, Robert Kaiser wrote: > NoOp schrieb: >> Blocking all versions of Java on all versions of Firefox + SeaMonkey? > > Yes. > >> Seriously? > > Yes, as it's a security hazard and we don't know of any plans of Oracle > to fix it. > >> Are you referring to this: >> https://bug

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread Robert Kaiser
NoOp schrieb: Blocking all versions of Java on all versions of Firefox + SeaMonkey? Yes. Seriously? Yes, as it's a security hazard and we don't know of any plans of Oracle to fix it. Are you referring to this: https://bugzilla.mozilla.org/show_bug.cgi?id=689661 [Block Java Plugin due to

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread NoOp
On 09/29/2011 07:44 AM, Robert Kaiser wrote: > Paul B. Gallagher schrieb: >> HACKERS BREAK SSL ENCRYPTION USED BY MILLIONS OF SITES > > That doesn't sounds correct. Firefox itself is not affected at all when > WebSockets are turned off. And WebSockets are not used by millions of > sites. It look

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-29 Thread Robert Kaiser
Paul B. Gallagher schrieb: HACKERS BREAK SSL ENCRYPTION USED BY MILLIONS OF SITES That doesn't sounds correct. Firefox itself is not affected at all when WebSockets are turned off. And WebSockets are not used by millions of sites. It looks like the Java plugins is affected though and we are

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-28 Thread sean nathan bean
Paul B. Gallagher sent me the following:: HACKERS BREAK SSL ENCRYPTION USED BY MILLIONS OF SITES == Beware of BEAST decrypting secret PayPal cookies By Dan Goodin in San Francisco Posted in ID, 19th September 2011 21:10 GMT Researchers have di

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-23 Thread NoOp
On 09/23/2011 11:00 AM, NoOp wrote: > On 09/23/2011 04:19 AM, Justin Wood (Callek) wrote: >> On 9/23/2011 5:36 AM, Paul B. Gallagher wrote: >> ... >>> Full article (Mozilla stuff on p. 2): >>> >>> >> >> ALSO >> http://threatpost.

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-23 Thread NoOp
On 09/23/2011 04:19 AM, Justin Wood (Callek) wrote: > On 9/23/2011 5:36 AM, Paul B. Gallagher wrote: > ... >> Full article (Mozilla stuff on p. 2): >> >> > > ALSO > http://threatpost.com/en_us/blogs/new-attack-breaks-confidential

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-23 Thread Jay Garcia
On 23.09.2011 04:36, Paul B. Gallagher wrote: --- Original Message --- > HACKERS BREAK SSL ENCRYPTION USED BY MILLIONS OF SITES > == > Beware of BEAST decrypting secret PayPal cookies > > By Dan Goodin in San Francisco > Posted in ID, 19th Sep

Re: SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-23 Thread Justin Wood (Callek)
On 9/23/2011 5:36 AM, Paul B. Gallagher wrote: ... Full article (Mozilla stuff on p. 2): ALSO http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611 Lastly, It is

SSL Exploit: Mozilla family no better than the rest of the pack

2011-09-23 Thread Paul B. Gallagher
HACKERS BREAK SSL ENCRYPTION USED BY MILLIONS OF SITES == Beware of BEAST decrypting secret PayPal cookies By Dan Goodin in San Francisco Posted in ID, 19th September 2011 21:10 GMT Researchers have discovered a serious weakness in virtually al