[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: where is netscape 4 in testing?

On Tue, Sep 09, 2003 at 09:00:28PM +0200, Joerg Rossdeutscher wrote:
> Am So, 2003-09-07 um 23.44 schrieb Colin Watson:
> > On Sun, Sep 07, 2003 at 09:46:02PM +0200, Joerg Rossdeutscher wrote:
> > > Am So, 2003-09-07 um 21.11 schrieb Mario Vukelic:
> > > >  You probably don't even get security fixes fo NS 4 anymore! 
> > > 
> > > Uninteresting, since one would use NS4 only with the bank's site. They
> > > don't need to hack me. They own everything I have... :-)
> > 
> > Whoa, sure it's interesting. Consider a man-in-the-middle SSL attack:
> > now somebody else owns everything you have.
> 
> So nothing changes, I still don't own anything. :-)
> 
> I always thought with a SSL-connection the man in the middle just gets
> useless "binary trash"? Am I wrong?

A "man-in-the-middle attack" *means* that the man in the middle exploits
a flaw in the system - such as a buggy browser - to get more than that.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: