Re: Iceweasel updates
On Mon 02 Nov 2015 at 14:17:39 +0100, Vincent Lefevre wrote:
> On 2015-11-02 13:03:14 +0000, Brian wrote:
> > The reason you advance is probably the one which bank's IT section would
> > give if you asked them. Quite how a user's browser can compromise the
> > security of the site itself is unlikely to be explained.
>
> The user's browser cannot compromise the site itself. But a security
> bug may permit an attacker to get the user's login and password, and
> neither the bank nor the user would like this.
Would this obtaining of the password be before or after encryption
takes place?
> > The OP could look at
> >
> > https://wiki.debian.org/Iceweasel#User-Agent_string
>
> Note that if the user tries to overrides the bank security decision
> and has his bank account compromised, he will probably get the full
> responsibility. I would definitely not recommend to do this.
I'd maintain the bank's decision on which user-agent to accept has
little or nothing to do with security.
Reply to: