On 12/16/2008 04:45 PM, Barry Edwin Gilmour wrote:
> Barry Edwin Gilmour wrote:
>> NoOp wrote:
>>> On 12/15/2008 08:34 PM, Barry Edwin Gilmour wrote:
>>>    
>>>> NoOp wrote:
>>>>      
>>>>> On 12/15/2008 02:58 PM, NoOp wrote:
>>>>>
>>>>>        
>>>>>> On 12/13/2008 08:34 PM, Justin Wood (Callek) wrote:
>>>>>>
>>>>>>
>>>>>>          
>>>>>>> Of note to everyone here is that Mozilla (SeaMonkey, Firefox etc.)
>>>>>>> report EVERY security bug once fixed and what it was. Some companies
>>>>>>> like IE, Apple, and possibly even Google (for chrome -- no data), if a
>>>>>>> security bug is only ever found and reported internally, they won't make
>>>>>>> it even known that it _ever_ existed. Where we do and fix it anyway. It
>>>>>>> is a very open community, therefore the potential for others to
>>>>>>> accurately gauge what bugs are fixed on our side is high, whereas on
>>>>>>> Microsoft or Apple's side is relatively low.
>>>>>>>
>>>>>>>
>>>>>>>            
>>>>>> Agree.
>>>>>>
>>>>>> Along these lines, this might be of interest to try with SeaMonkey...
>>>>>>
>>>>>> http://www.info-svc.com/news/2008/12-12/
>>>>>> [Google Chrome Receives Lowest Password Security Score]
>>>>>>     http://www.info-svc.com/news/2008/12-12/pm-evaluator/
>>>>>> [Password Manager Evaluator v2.0]
>>>>>>
>>>>>> If I get some time later I'll try it with SM 1.1.14 and 2.0a3pre to see
>>>>>> what the results are.
>>>>>>
>>>>>>
>>>>>>          
>>>>> 1.1.14:
>>>>> Report
>>>>> Test Performed    Result
>>>>> Action Authority Checked on Retrieval     FAILED
>>>>> Action Authority Checked on Save  FAILED
>>>>> Action Authority Raises Warnings  FAILED
>>>>> Action Path Checked on Retrieval  FAILED
>>>>> Action Path Checked on Save       FAILED
>>>>> Action Scheme Checked on Retrieval        FAILED
>>>>> Action Scheme Checked on Save     FAILED
>>>>> Action Scheme Raises Warnings     FAILED
>>>>> Action Scheme Prevented if Unsafe         FAILED
>>>>> Autocomplete=Off Prevents Form Fills      FAILED
>>>>> Invisiblility Prevents Form Fills         PASSED
>>>>> Method Checked on Retrieval       FAILED
>>>>> Method Raises Warnings    FAILED
>>>>> Multiple Paths Per User Per Authority     FAILED
>>>>> Multiple Ports Per User Per Host  FAILED
>>>>> Multi. Schemes Per User Per Authority     FAILED
>>>>> Page Path Checked on Retrieval    FAILED
>>>>> Random Name Attr. Prevents Form Fills     PASSED
>>>>> User Required for PW Retrieval    FAILED
>>>>> User Required for PW Save         FAILED
>>>>> Valid URIs Don't Break Anything   PASSED
>>>>>
>>>>> I reckon I'll run the test again to make sure that I did everything
>>>>> correct.
>>>>>
>>>>>        
>>>> Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b3pre) Gecko/20081215
>>>> Lightning/1.0pre SeaMonkey/2.0a3pre ID:20081215000501
>>>> Report
>>>> Action Authority Checked on Retrieval    FAILED
>>>> Action Authority Checked on Save     FAILED
>>>> Action Authority Raises Warnings     FAILED
>>>> Action Path Checked on Retrieval     FAILED
>>>> Action Path Checked on Save     FAILED
>>>> Action Scheme Checked on Retrieval     FAILED
>>>> Action Scheme Checked on Save     FAILED
>>>> Action Scheme Raises Warnings     FAILED
>>>> Action Scheme Prevented if Unsafe     PASSED
>>>> Autocomplete=Off Prevents Form Fills     FAILED
>>>> Invisiblility Prevents Form Fills     PASSED
>>>> Method Checked on Retrieval     FAILED
>>>> Method Raises Warnings     FAILED
>>>> Multiple Paths Per User Per Authority    FAILED
>>>> Multiple Ports Per User Per Host     FAILED
>>>> Multi. Schemes Per User Per Authority    FAILED
>>>> Page Path Checked on Retrieval     FAILED
>>>> Random Name Attr. Prevents Form Fills    PASSED
>>>> User Required for PW Retrieval     FAILED
>>>> User Required for PW Save     FAILED
>>>> Valid URIs Don't Break Anything     PASSED
>>>>
>>>>      
>>>
>>> Hmmm... Perhaps one of the developers can run as well&  see if: 1) they
>>> get the same results (I got the same as you with 2.0a3pre), and 2) if
>>> perhaps they can comment on the test. Perhaps if the test is flawed they
>>> can contact the info-svc.com folks to modify the tests accordingly?
>>>
>>>    
>> The tests do highlight each browsers security-methods:-
>>
>> http://us.f13.yahoofs.com/bc/486c50ed_117b7/bc/Miscellaneous/passwd-evaluator.html?bffgDSJBHy5VqBbo
> My bad! that link is inaccessible.

It's OK, I read the methods & also tested with the expanded
explainations turned on. I'm just hoping for a 'developer' (Ping
Robert?) to test and provide feedback.


_______________________________________________
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Reply via email to