A cool demo of how to spoof sites (also shows how TrustBar prevents this...)

Taral taral at taral.net
Wed Feb 9 18:04:26 EST 2005


On Wed, Feb 09, 2005 at 09:08:45PM +0000, Ian G wrote:
> The plugin is downloadable from a MozDev site,
> and presumably if enough attention warrants it,
> Amir can go to the extent of signing it with a
> cert in Mozilla's code signing regime.

That only authenticates that Amir wrote the code, not that the code is
safe.

> Also, as Amir is a relatively well known name in
> the world of crypto I suppose you could consider
> his incentives to be more aligned with delivering
> good code than code that would do you damage.

*This* is a reasonable argument, but I'd prefer a second-party review
before I install anything.

Then again, the only extension I have installed (FlashGot), I manually
checked myself.

-- 
Taral <taral at taral.net>
This message is digitally signed. Please PGP encrypt mail to me.
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?