Re: where is netscape 4 in testing?
On Tue, Sep 09, 2003 at 09:00:28PM +0200, Joerg Rossdeutscher wrote:
> Am So, 2003-09-07 um 23.44 schrieb Colin Watson:
> > On Sun, Sep 07, 2003 at 09:46:02PM +0200, Joerg Rossdeutscher wrote:
> > > Am So, 2003-09-07 um 21.11 schrieb Mario Vukelic:
> > > > You probably don't even get security fixes fo NS 4 anymore!
> > >
> > > Uninteresting, since one would use NS4 only with the bank's site. They
> > > don't need to hack me. They own everything I have... :-)
> >
> > Whoa, sure it's interesting. Consider a man-in-the-middle SSL attack:
> > now somebody else owns everything you have.
>
> So nothing changes, I still don't own anything. :-)
>
> I always thought with a SSL-connection the man in the middle just gets
> useless "binary trash"? Am I wrong?
A "man-in-the-middle attack" *means* that the man in the middle exploits
a flaw in the system - such as a buggy browser - to get more than that.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: