Re: Iceweasel updates

To: debian-user@lists.debian.org
Subject: Re: Iceweasel updates
From: Vincent Lefevre <vincent@vinc17.net>
Date: Tue, 3 Nov 2015 02:57:47 +0100
Message-id: <[🔎] 20151103015747.GA22218@zira.vinc17.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 20151102225303.GD18838@copernicus.demon.co.uk>
References: <[🔎] 1446466786.28233.3.camel@gmail.com> <[🔎] 20151102123543.1ca88f30@abydos.stargate.org.uk> <[🔎] 20151102124813.GA19485@zira.vinc17.org> <[🔎] 02112015125815.146458a33a44@desktop.copernicus.demon.co.uk> <[🔎] 20151102131739.GC19485@zira.vinc17.org> <[🔎] 02112015134104.9a0ad95d97d4@desktop.copernicus.demon.co.uk> <[🔎] 20151102135824.GE19485@zira.vinc17.org> <[🔎] 20151102150019.GA18838@copernicus.demon.co.uk> <[🔎] 20151102220238.GA3437@zira.vinc17.org> <[🔎] 20151102225303.GD18838@copernicus.demon.co.uk>

On 2015-11-02 22:53:03 +0000, Brian wrote:
> An attacker must inject a payload into a web page that the user visits.
> When the page loads in the user’s browser the attacker’s payload will
> be executed. A user would likely have no knowledge of this, irrespective
> of whatever browser or user-agent string is being used.
> 
> Without the payload (which the bank's site has delivered) the security
> of the browser is not compromised. If a password were to be obtained the
> bank is complicit in the action. I expect they would take responsibilty
> for this.

If the attack is due to a vulnerability in the user's browser and
this browser is blocked by the bank because it is old and no longer
maintained (thus may have known, unfixed vulnerabilities), the user
would be fully responsible. Actually it is the responsibility of
the user to update his software, but bypassing the bank's security
mechanisms makes him even more responsible.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>

References:
- Iceweasel updates
  - From: Jack Dangler <tdldev@gmail.com>
- Re: Iceweasel updates
  - From: Brad Rogers <brad@fineby.me.uk>
- Re: Iceweasel updates
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>
- Re: Iceweasel updates
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>
- Re: Iceweasel updates
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>
- Re: Iceweasel updates
  - From: Vincent Lefevre <vincent@vinc17.net>
- Re: Iceweasel updates
  - From: Brian <ad44@cityscape.co.uk>

Prev by Date: Re: Anybody know why aptitude is not installed by default in Sid?
Next by Date: Setting up Network for Xen
Previous by thread: Re: Iceweasel updates
Next by thread: Re: Iceweasel updates
Index(es):
- Date
- Thread