Comments

New Firefox iFrame Bug Bypasses URL Protections

Johnath Re:Oh Please ... (118 comments)

I work for Mozilla on Firefox and I just wanted to respond to some of the claims being made here. We've opened up the bug so that others can take a look (bug 570658), but there is not much to see, here. The bug says that:

1) if you visit a page that uses an iframe
2) and that iframe's src attribute uses a deceptive url (e.g. "http://safe.com@evil.com")
3) then we don't pop up a warning that the url is deceptive

What's odd about the bug is that there is very little value to step 2 - only someone examining the page's source would notice the iframe's src attribute, so it's not clear to me where the deception is supposed to come in. A genuinely malicious page would source their attack iframes directly, unless they thought that this deceptive url might fool our phishing/malware protection. It won't.

If someone thinks we're overlooking an attack vector here, we're really interested to hear it, but as described the attack feels pretty weak.

If you think we're missing something critical, please do comment in the bug or get in touch with our security group ( http://www.mozilla.org/security/ ).

Johnathan

more than 4 years ago
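
The comment above notes that only someone reading the page source would see an iframe `src` such as "http://safe.com@evil.com". The following is an added example, not part of the original comment and not Mozilla's code: a small source-audit helper that flags iframe `src` values whose userinfo part looks like a hostname. The function names, the `example.test` base URL and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: report iframe src URLs whose userinfo looks like a hostname,
// e.g. "http://safe.com@evil.com", where the host actually contacted is evil.com.

// Looks like a DNS name: dot-separated labels ending in an alphabetic TLD.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Return {userinfo, host} if the URL carries host-like userinfo, else null.
function deceptiveUserinfo(rawUrl, base) {
  let url;
  try {
    url = new URL(rawUrl, base);
  } catch {
    return null; // unparseable value: nothing to report
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  if (!url.username) return null;
  let user = url.username;
  try { user = decodeURIComponent(user); } catch { /* keep the raw value */ }
  if (!HOSTLIKE.test(user)) return null; // ordinary login name, e.g. "alice"
  return { userinfo: user, host: url.hostname };
}

// Collect findings for every <iframe ... src=...> in an HTML string.
// A regex is enough for a quick source audit; it is not a full HTML parser.
function auditIframes(html, base) {
  const re = /<iframe\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(re)) {
    const src = m[1] ?? m[2] ?? m[3];
    const hit = deceptiveUserinfo(src, base);
    if (hit) findings.push({ src, ...hit });
  }
  return findings;
}

// Constructed sample markup (not taken from any real page).
const SAMPLE = `
  <iframe src="/local/frame.html"></iframe>
  <iframe width="1" src='http://safe.com@evil.com'></iframe>
  <iframe src="http://alice@intranet.example/"></iframe>
  <iframe srcdoc="<p>inline</p>"></iframe>`;

for (const f of auditIframes(SAMPLE, "https://example.test/")) {
  console.log(`${f.src}: shows "${f.userinfo}", loads from ${f.host}`);
}
```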

Cracking GSM

Johnath Re:Patent protection? (359 comments)

I do hate to get bogged down in semantics, especially in such an off-topic thread, but I would argue that you are either being deliberately pedantic or missing the point. This is just the old denotation vs. connotation merry-go-round, but what the heck, eh? For old time's sake.

The argument states "if you make gun ownership a crime, then only criminals will have guns" and of course you are right that this is, prima facie, a logical tautology which is fine except that is not how anyone is intending the argument to be heard. Conversational implicature. The argument, if you prefer, can be stated as "if you make gun ownership illegal, then the only people who will have guns are unsavoury types who do not respect any laws, and who will now use their lack of guilt to advance their other criminal enterprises by way of their now-exclusive ability to possess firearms whereas in the past, though they might intend to use firearms in the commission of murder, robbery, or what-have-you, at least there was the notional deterrent that their (law-abiding) victims may also possess guns for purposes of defense." That is to say, people are expecting you, as a fellow human and English speaker, and as someone with a presumably compatible life experience and social context, to understand the word criminal as having significant, if not primary, meanings ASIDE from that of being someone who commits a crime.

I only mention all this because I have watched many interesting discussions become derailed by arguments like this which are not in any way relevant, but are nonetheless suggestive enough to be distracting. No personal attack is intended, of course.

about 11 years ago

Submissions

Johnath hasn't submitted any stories.

Journals

Johnath has no journal entries.
