Am 09.12.2014 um 20:20 schrieb Bruno Wolff III:
On Tue, Dec 09, 2014 at 19:20:10 +0100, Reindl Harald <h.rei...@thelounge.net> wrote:* Firefox asks too * it is not hard to accept a self signed cert * BUT it is hard enough to defeat the "click OK somewhere" reflexThere should be a way to disable FF's you need to click twice to accept certs that are not signed by authorities it recognizes.
why?to make it easier for phishers to catch the "first click i do not thing as long nothing explodes" users?
if you are too lazy to click twice it can't be that important and hopefully you also would be too lazy if it affects your online banking or other sites asking for your credentials and the time if you no longer too lazy you have left the compromised wireless network
a recent study proved that within *20 minutes 10 % of users* eneterd there *company credentials* in case of a good made phishing to be part of a winning game - until that i thought the large amount of phsing mails are seeking the single idiot out of a million because the mails don#t cost money and i am still shocked about the sad reality
if you would be long enough in the security business you would tend to require sign security relevant questions with it's own blood by any user and hence a "we accept any connection blindly" default is unacceptable in the current IT - it masks the problems by make them worser without *any* intention to solve them
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
