A wifi MITM attacker can steal all the passwords you have saved on
http sites, by sending you to fake versions of each site and watching
what the browser fills into the form.
You're safe iff you initially saved the password from an https page,
or if the site now uses STS, or maybe if you're
On 11/04/12 02:59, Adrienne Porter Felt a...@berkeley.edu wrote:
I'd like to propose the following based on discussions at Berkeley with
others about camera access:
-- The OS provides two trusted UI buttons. One has a photo icon, and the
other has a recording icon. Applications can embed
On 11/04/12 06:07, Jonas Sicking jo...@sicking.cc wrote:
4. If the page isn't in fullscreen mode, and is contained in an
iframe (or frame) never allow the lock request.
Currently Gaia and OWD Apps run in independent iframes which are children
of the top level browsing context ... Thus I
Hi,
I agree with Gerv that #1 seems good.
#2, I have a slight concern about history leakage but don't think
this is an issue for correctly set up STS sites, and this isn't
an issue with the actual proposal here - which seems like a good
addition to #1
I also agree with Gerv that #3 definitely
Hello Everyone:
I am Eric Chen from CMU. We are working on a paper that is closely related
to the topic of this discussion, so I thought I should bring it up. Our
paper describes an attack that automatically crawls the password manager of
a user inside an unsecure wireless network. The attack
On Apr 10, 2012, at 9:07 PM, Jonas Sicking wrote:
On Tue, Apr 10, 2012 at 4:59 PM, Lucas Adamski ladam...@mozilla.com wrote:
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Prevent screen orientation from changing
when playing a game utilizing device motion
On 4/11/12 12:54 AM, Jesse Ruderman wrote:
1) If a site sends an STS header, and the user has any data (cookies,
passwords, etc) that are not https-only, immediately mark that data as
https-only. (This helps if a site uses STS, but the user's privacy
settings cause the password storage to
Per all the comments we received, we have updated the feature page for
Opt-in activation for plugins. Specifically:
https://wiki.mozilla.org/Opt-in_activation_for_plugins#2._Users_.26_use_cases
There are still a number of open questions and we'd like to discuss this
with UX to figure out what
Name of API: Web Telephony
References:
https://wiki.mozilla.org/WebAPI/WebTelephony
*B2G Meta telephony bug https://bugzilla.mozilla.org/show_bug.cgi?id=699235
*Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
Brief purpose of API: Make and receive phone calls
Name of API: Vibration
Reference: http://dev.w3.org/2009/dap/vibration/
Brief purpose of API: Let content activate the vibration motor
Inherent threats: Obnoxious if mis-used, consume extra battery
Threat severity: low
== Regular web content (unauthenticated) ==
Use cases for unauthenticated
On Wed, Apr 11, 2012 at 5:46 PM, Lucas Adamski ladam...@mozilla.com wrote:
How do we determine a size/shape/lookfeel of this button that will work
with a wide variety of apps? I browsed around a bit and it seems like
camera apps use a wide variety of button shapes/colors for the shutter.