Full Disclosure mailing list archives

Re: Mozilla Thunderbird SMTP down-negotiation weakness

From: Steve Friedl <steve () unixwiz net>
Date: Fri, 14 Oct 2005 21:48:52 -0700

On Sat, Oct 15, 2005 at 06:10:35AM +0300, Markus Jansson wrote:

Lets not forget that STILL all Mozilla products fail to 
show RSA/asymmetric keysize in any sensible format.


There are exactly seven people on the planet who will actually make
different surfing decisions based on the symmetric key size shown in a
browser, and you're one of them - I don't know where the other six are.

When the majority of people can't figure out whether they are visiting
their bank or not, will say "Sure, accept that SSL cert" even when ID'd as
"Joe's Phishing Gang", and believe that the McAfee A/V which came with
their Dell PC 3 years ago is still current, your being hysterically
concerned about keysize (as you have on BroadbandReports for years)
sure seems like nothing in perspective.

Steve

--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Mozilla Thunderbird SMTP down-negotiation weakness Thomas Henlich (Oct 14)
- Security Scanners Adriel Desautels (Oct 15)
- <Possible follow-ups>
- Mozilla Thunderbird SMTP down-negotiation weakness Markus Jansson (Oct 14)
  - Re: Mozilla Thunderbird SMTP down-negotiation weakness Steve Friedl (Oct 14)
  - Re: Mozilla Thunderbird SMTP down-negotiation weakness Tim (Oct 14)
    - Re: Mozilla Thunderbird SMTP down-negotiation weakness Markus Jansson (Oct 15)
    - Re: Mozilla Thunderbird SMTP down-negotiation weakness Tim (Oct 16)