FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 05-20-2008, 06:49 AM
"Peter Lemenkov"
 
Default FYI: Possibility for SSL spoofing in recent Firefox 3

Hello All!
For those who doesn't read blog at StartCom here is an interesting post:

https://blog.startcom.org/?p=86

Looks like the designers of Firefox 3 did some questionable changes in
design of Firefox 3.

--
With best regards!

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 05-20-2008, 07:18 AM
Mike Cronenworth
 
Default FYI: Possibility for SSL spoofing in recent Firefox 3

-------- Original Message --------
Subject: FYI: Possibility for SSL spoofing in recent Firefox 3
From: Peter Lemenkov <lemenkov@gmail.com>
To: Development discussions related to Fedora <fedora-devel-list@redhat.com>
Date: 05/20/2008 01:49 AM

Hello All!
For those who doesn't read blog at StartCom here is an interesting post:

https://blog.startcom.org/?p=86

Looks like the designers of Firefox 3 did some questionable changes in
design of Firefox 3.


Can ya digg it? (front page would guarantee some public traffic that
would move Mozilla)


http://digg.com/security/Firefox_3_RC1_Allows_Easier_SSL_Spoofing_Mozilla_W on_t_Fix

Added a touch of sensationalism to the title for an added kick.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 05-20-2008, 07:40 AM
Bruno Wolff III
 
Default FYI: Possibility for SSL spoofing in recent Firefox 3

On Tue, May 20, 2008 at 10:49:56 +0400,
Peter Lemenkov <lemenkov@gmail.com> wrote:
> Hello All!
> For those who doesn't read blog at StartCom here is an interesting post:
>
> https://blog.startcom.org/?p=86
>
> Looks like the designers of Firefox 3 did some questionable changes in
> design of Firefox 3.

If you are looking at colored address bars or padlock icons to decide if
you are at the site you intend to be, you are doing things incorrectly.

Firefox 3 is actually better at letting you check you are at a site you
intend to be, since it lets you both remove all of the root CA's and
allows you to individually save certificates, so that you will actually
notice when you see a new one and can carefully check it if you desire.
This is still clunky, but its actually more useful than just relying on
the site you are visiting paying protection money.

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 05-20-2008, 08:50 PM
"Callum Lerwick"
 
Default FYI: Possibility for SSL spoofing in recent Firefox 3

On Tue, May 20, 2008 at 1:49 AM, Peter Lemenkov <lemenkov@gmail.com> wrote:

Hello All!

For those who doesn't read blog at StartCom here is an interesting post:



https://blog.startcom.org/?p=86



Looks like the designers of Firefox 3 did some questionable changes in

design of Firefox 3.


My Firefox 3 beta 5 straight out of Fedora 9 displays yellow and always has, ever since I upgraded with Fedora 9 Beta. Apparently this change happened in FF 3 RC1? It does sound like a bad idea to me. Fedora 9 does not appear to have bumped up to RC1 as of the yum update I just ran, (I just updated yesterday) so we're safe... for now.


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 06:20 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org