A cool demo of how to spoof sites (also shows how TrustBar preventsthis...)
Amir Herzberg
herzbea at macs.biu.ac.il
Thu Feb 10 03:10:04 EST 2005
Taral wrote:
> On Wed, Feb 09, 2005 at 09:08:45PM +0000, Ian G wrote:
>
>>The plugin is downloadable from a MozDev site,
>>and presumably if enough attention warrants it,
>>Amir can go to the extent of signing it with a
>>cert in Mozilla's code signing regime.
This, of course, is up to Mozilla, not to me... We are trying to get
Mozilla (and other browsers) to adopt the idea. I guess, once they do,
they'll do a review and then sign, as first step towards integrating it
into the browser package (you can't expect to protect all/most users,
including naive, with an extension - signed or not...).
>
>
> That only authenticates that Amir wrote the code, not that the code is
> safe.
Absolutely! And I didn't write the code, btw, Ahmad did. I'm just
writing designs, protocols, proofs, papers... (I like programming but
rarely get to it, I'm afraid).
>
>>Also, as Amir is a relatively well known name in
>>the world of crypto I suppose you could consider
>>his incentives to be more aligned with delivering
>>good code than code that would do you damage.
thanks!
>
> *This* is a reasonable argument, but I'd prefer a second-party review
> before I install anything.
Of course; again: by posting on this list I am exactly encouraging
people to review the code (it is all script so you can just download
TrustBar and read it), write their own better code, etc...
Best, Amir Herzberg
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list