Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.

From: Benjamin Franz <snowhare_at_nihongo.org>
Date: Wed, 16 Feb 2005 15:55:09 -0800 (PST)

On Wed, 16 Feb 2005, David Schwartz wrote:
>
> Correct. And the browser vendors gain trust because they only include
> reputable CAs.

Ummm.

No.

'They' (to a good first order approximation: 'Microsoft') are 'trusted'
because 'they' own 90% of the browser market following the abuse of a
desktop OS monopoly to force their applications competition out of the
market.

Defaults are power.

-- 
Benjamin Franz
"All right, where is the answer? The battle of wits has begun.
It ends when you click and we both serve pages - and find out who is right,
and who is slashdotted." - David Brandt

Received on Feb 17 2005

This message: [ Message body ]
Next message: Stefan Paletta: "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."
Previous message: Kent Borg: "Re: SHA-1 broken"
In reply to: David Schwartz: "RE: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."
Next in thread: bkfsec: "Re: International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]