A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)

Amir Herzberg herzbea at macs.biu.ac.il
Thu Feb 10 02:52:06 EST 2005


Taral wrote:
> On Wed, Feb 09, 2005 at 07:41:36PM +0200, Amir Herzberg wrote:
> 
>>Want to protect your Mozilla/FireFox from such attacks? Install our 
>>TrustBar: http://TrustBar.Mozdev.org
>>(this was the first time that I had a real reason to click the `I don't 
>>trust this authority` button...)
>>
>>Opinions?
> 
> 
> Why should I trust you? Filtering xn--* domains works for me, and
> doesn't require that I turn my browser over to unreviewed, possibly
> buggy code.

Sorry if I was not clear: I don't propose you install TrustBar because 
YOU need it as a solution. Many people on this list are security/crypto 
experts, interested in finding good solutions (for all/many users, not 
just for themselves), and my message was for them. And yes, while 
TrustBar works fine for me and apparently quite a few others, the 
current code is only a research prototype (on the other hand, I had 
already the good fortune of seeing similar research code being adopte3d 
by many products... e.g. with our IP-Sec code).

Best, Amir
> 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list