On Mon, 8 Sep 2008, Adam Shostack wrote:
What makes now the perfect time to address an issue which has been
present for quite some time?
I'd turn that question around, and ask what makes now such a bad time to
address an issue that's been present (and not addressed) for quite some
time... ?
Darren J Moffat [EMAIL PROTECTED] writes:
I believe the only way both of these highly dubious deployment practices will
be stamped out is when the browsers stop allowing users to see such web pages.
Unfortunately I think the only way it (and a pile of other things as well) may
get stamped out
Excerpt:
The Americans have joined the campaign to save Bletchley Park, the
home of code breaking during the Second World War, as well as of
Britain's computing heritage, with IBM and computer security
specialist PGP already pledging 57,000 pounds (about $100,000) to
secure the
Peter Gutmann writes, in part:
-+
| ... - the rate-limiting step is the fact that
| the crooks simply can't use all the stolen identities
| they have, not any security measures that may be present.
| ...
To my knowledge, you are correct. It seems that the
price
Dear security experts:
Suppose I want to use the HTML syntax and a plain web browser as a user
interface for a secure application. By secure, I mean, among other
things, that the application service provider is confident that the user
sees the HTML contents without integrity vulnerabilities.
* Peter Gutmann:
On a semi-related topic, it'd be interesting to get some discussion about FF3
removing the FF2 SSL indicators of the padlock and (more visibly) the
background colour-change for the URL bar when SSL is active and replacing it
with a spoof-friendly indicator that's part of
[Moderator's note: I posted on this earlier, but I really do want to
see Bletchley Park maintained... :) --Perry]
IBM and PGP have donated $100,000 to help restore and maintain
Bletchley Park as a museum. This money is intended to get others
involved - millions more will be needed.
Peter Gutmann wrote:
Unfortunately I think the only way it (and a pile of other things as well) may
get stamped out is through a multi-pronged approach that includes legislation,
and specifically properly thought-out requirements rather than big-business-
bought legislation like UCITA/UCC or
On Tue, Sep 09, 2008 at 01:52:30PM -0500, Thierry Moreau wrote:
Here is a simple exploit which alters the ietf.org main page. Insert the
following four lines
[...]
to the file /usr/lib/firefox/res/html.css
[...]
OK, this requires root access because the Linux community is generally