Re: where is netscape 4 in testing?
On Sun, Sep 07, 2003 at 09:46:02PM +0200, Joerg Rossdeutscher wrote:
> Am So, 2003-09-07 um 21.11 schrieb Mario Vukelic:
> > You probably don't even get security fixes fo NS 4 anymore!
> Uninteresting, since one would use NS4 only with the bank's site. They
> don't need to hack me. They own everything I have... :-)
Whoa, sure it's interesting. Consider a man-in-the-middle SSL attack:
now somebody else owns everything you have.
This is a real example, although I don't know if Netscape 4 has such
vulnerabilities. IE was reported as having such a vulnerability last
year. It is certainly not the case that you only need to worry about
sites you visit, since given such a browser vulnerability anyone who
happens to control or take control of a router between you and your bank
can hijack what you think are secure connections. Attackers on your
local network could even spoof ARP traffic to make your system think
that theirs is the router. It's a tough world out there.
Colin Watson [email@example.com]