Educause Security Discussion mailing list archives
Re: web browser security zones
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 11 Jan 2006 13:00:24 -0500
On Wed, 11 Jan 2006 11:16:34 CST, Kevin Shalla said:
in that zone), but not much. Do other browsers have such detailed settings by security zone? It appears that Firefox has very little granularity (just load images and popups) in the security setup.
That's because the Firefox world-view is that *all* remote sites are untrusted.
At 11:54 AM 1/10/2006, David Gillett wrote:
I recall that, a few years back, it was common for Microsoft to downplay IE bugs with this "must get user to visit a suspicious site" argument. And then some hacker crew broke into a hosting company and defaced 500+ legit websites, adding code that exploited some of those vulnerabilities. The notion that users can have any real idea, a priori, about the actual safety of any site is just false.
And David explains quite well exactly why. If, by some chance, your campus webserver gets defaced, then every single desktop that lists it as "trusted" is immediately vulnerable to compromise if they visit the now-hacked server.