[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Iceweasel updates

On Mon 02 Nov 2015 at 14:17:39 +0100, Vincent Lefevre wrote:

> On 2015-11-02 13:03:14 +0000, Brian wrote:
> > The reason you advance is probably the one which bank's IT section would
> > give if you asked them. Quite how a user's browser can compromise the
> > security of the site itself is unlikely to be explained.
> 
> The user's browser cannot compromise the site itself. But a security
> bug may permit an attacker to get the user's login and password, and
> neither the bank nor the user would like this.

Would this obtaining of the password be before or after encryption
takes place?

> > The OP could look at
> > 
> >   https://wiki.debian.org/Iceweasel#User-Agent_string
> 
> Note that if the user tries to overrides the bank security decision
> and has his bank account compromised, he will probably get the full
> responsibility. I would definitely not recommend to do this.

I'd maintain the bank's decision on which user-agent to accept has
little or nothing to do with security.
Reply to: