[132855] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: More US bank silliness

daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Sep 9 16:14:13 2008

From: Florian Weimer <fw@deneb.enyo.de>
To: pgut001@cs.auckland.ac.nz (Peter Gutmann)
Cc: cryptography@metzdowd.com
Date: Tue, 09 Sep 2008 21:26:46 +0200
In-Reply-To: <E1KcKKc-0000Fm-D1@wintermute01.cs.auckland.ac.nz> (Peter
	Gutmann's message of "Mon, 08 Sep 2008 01:29:34 +1200")

* Peter Gutmann:

> On a semi-related topic, it'd be interesting to get some discussion about FF3 
> removing the FF2 SSL indicators of the padlock and (more visibly) the 
> background colour-change for the URL bar when SSL is active and replacing it 
> with a spoof-friendly indicator that's part of the favicon, i.e. part of the 
> attacker-controlled content.

To keep this in perspective, note that you could disable the location
bar altogether in FF2 (and that default changed in FF3), so the FF3
approach is actually an improvement.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[132855] in cryptography@c2.net mail archive

Re: More US bank silliness

daemon@ATHENA.MIT.EDU (Florian Weimer)Tue Sep 9 16:14:13 2008

daemon@ATHENA.MIT.EDU (Florian Weimer)
Tue Sep 9 16:14:13 2008