On 2011-09-08 22:36, Kevin Chadwick wrote:
On Thu, 08 Sep 2011 21:23:50 +0200
polishcode <[email protected]> wrote:

Please refer to the link I supplied above:
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2.
What else could it transmit? Everything or nothing.
False sense of security is worse than no security. Opera is arguably
better but still pointless without a secure connection. If the
connection is not secured by Opera then an attacker can just forge the
content. If it is secured then Opera can send back anything they like
such as your browser history or worse for all we know.

One more thing, just a theoretical one. A user of a given program can *only trust* that a given program does only what it is supposed to do. Remember the tracking of mobile devices in Android, iPhones etc.? So the non-existence of an encrypted channel for CRL in, let's say, Firefox (just an example, take whatever program you want), does not mean it is not reporting anything back to the manufacturer.

BR,
polishcode
