>It appears the developers have documented some of the plugin's
>technical limitations at
>https://addons.mozilla.org/en-US/firefox/addon/12714/. Is this
>supposed to be original research?
What?
People recommended Force-TLS as protection against sidejacking. I tried it. It
failed. I wouldn't call this "research", nor would I call it a particularly
original idea. Although, I would call it "original" from the perspective that
it was me who did it, as opposed to reporting on what others had done.
>Hmm.... According to your closing comments, it fails under some
>circumstances (XmlHttp)
What? It failed under all circumstances to prevent sidejacking of Twitter.
>Is it fair to pounce on Rob, grandpa of Ryan, Trevor,
>Devon & Hannah with "it does not work.... read <some blog>"?
Oops, I misunderstood his post. I thought he was recommending them, not asking
about them. I apologize.
>Out of curiosity, did you inform Collin Jackson and Adam Barth, or are
>you waiting for the developers to find <some blog>, much like MustLive
>and his 0-day XSS vulnerabilities?
What? I didn't know that Force-TLS was designed to protect against this
problem. It doesn't sound like it from the description.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.