On 12 Aug 2001 20:41:38 +0000, DeMoN LaG wrote:
> If you try to log in with Mozilla/Netscape 6, you get this:
>
> Browser Alert
>
>
> Netscape 6.0 Users: We are currently experiencing problems with the
> latest release of Netscape 6.0. We are working with Netscape to fix
> these problems so you can take full advantage of our site with that
> browser. You can be sure that we will support Netscape 6.0 as soon as
> all the fixes become available.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> I emailed them about it asking exactly what security concerns they had
> (since Moz supports SSL2 and 3, and 128 bit encryption), and they gave
> told me:
>
> Protecting your credit and personal information is a top priority for
> Capital One. Due to security concerns with the Netscape 6.0 browser,
> Capital One does not currently support this browser. Until these
> security concerns are resolved with Netscape, an alternative browser
> would need to be used to access www.capitalone.com.
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> All they did was dodge my question.
Which is exactly what they are trained to do. All they will give you is
the "company line". More than half the time, the individual who is
responding to your e-mail doesn't have the foggiest clue why the company
they work for has a problem with X item.
> I wanted to know specifically what
> they think is a security concern. I figure I can get the source for the
> browser, I know a fair amount of C/C++, I may be able to fix whatever it
> is they don't like right now. But they have just avoided the issue.
I've been through similiar situations several times. If you want to get
a clear answer from them, you will need to quote the entirety of their
response and indicate in very plain english how there response doesn't
answer your question. Then you need to hope that your e-mail actually
reaches someone that gives a damn.
> Is there anything in Mozilla that is insecure as they
> have suggested, some bug in SSL or something, anything, or are they just
> BSing me and they have got absolutely nothing to back it with?
Nothing that I'm aware of, at least not that hasn't been fixed. A while
ago, Mozilla was lacking complete SSL support. However, that seems to
have been corrected. So, it's most likely a lack of proper detection on
their behalf combined with laziness in testing the newer releases of
Mozilla.
Jamin W. Collins
