Axley, Jason wrote:
> I think that this trades one security problem for others in the
> application security realm. Sites that allow for equivalent functional
> duality in either HTTPS or HTTP protocols often suffer from problems
> where the HTTPS site inadvertently references an HTTP URL instead
--- begin forwarded text
Delivered-To: [EMAIL PROTECTED]
Date: Thu, 22 Sep 2005 11:47:03 -0400
To: Philodox Clips List <[EMAIL PROTECTED]>
From: "R.A. Hettinga" <[EMAIL PROTECTED]>
Subject: [Clips] NSA granted Net location-tracking patent
Reply-To: [EMAIL PROTECTED]
Sender: [EMAIL PROTECT
David Wagner writes:
> One thing that web sites could do to help is to always make
> https://www.foo.com work just as well as http://www.foo.com, and
> then browser plug-ins could simply translate http://www.foo.com ->
> https://www.foo.com for all sensitive sites. Of course, web site
> operato
On Sep 21, 2005, at 23:27, Steve Furlong wrote:
If by that you mean, "Program dumb: avoid tricky code, avoid odd
usage, stick to the basics", I agree. Save your clever tricks for
hobby code and the snippets you use to score hot chicks. Critical
code, potentially dangerous code, and professional
Adam Back wrote:
> I would think it would be safer to block the site, or provide a
> warning dialog.
Before we do the first redirection, we do ask the user. However, since
TrustBar is really part of our research on secure usability, we are
aware that asking the user is a very problematic mechan
In message <[EMAIL PROTECTED]>, Steve Furlong writes:
>
>On a related note, I've worked a bit with avionics and embedded
>medical software. The certification requirements for those bits of
>critical code might be helpful for crypto programming.
>
Not quite. The name of the game is information se