headers
Duane | 1 Jul 2005 04:42
Favicon

Re: new anti-fraud mailing list for discussing improving browser security UI

Gervase Markham wrote:

> Well, it's certainly this sort of unfounded paranoia that probably would
> blow the lid off the embryonic ground-breaking collaboration we've
> managed to achieve. Do you think all the browser makers collaborate

Spin and twist things any way you want, I'm guessing you've forgotten
the lessons that history provides when US multinationals enter into
secret closed door talks...

Yup my comments are unfounded paranoia, after all it's not as if we're
dealing with convicted monopolists or anything like that.

And it's not like you're getting an unbiased opinions because only
commercial CAs were the only ones invited to give their input.

--

-- 

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."
(Continue reading)

Permalink | Reply | 0 comments |
headers
Amir Herzberg | 3 Jul 2005 15:59
Picon
Picon

Re: Is there a Mozilla security process?

Space Riqui wrote:
> --- Heikki Toivonen <hjtoi <at> comcast.net> wrote:
> 
> 
>>>after playing around for a while I managed to go to 
>>>a site I had set a petname for but the petname 
>>>field showed untrusted (I've been unable to
>>>reproduce this, though)
> 
> This has happened to me a few times with the following web sites:
> 
> https://tryowa.arvinmeritor.com/
> https://chaseonline.chase.com/chaseonline/home/sso_co_home.jsp

I tried both and didn't notice this particular problem. OTOH, I noticed
petname (and spoofstick) does not handle multitab FF windows correctly,
which is very confusing and annoying; maybe that was the cause of your
problem?

BTW, these sites work fine for TrustBar (now using our 0.4 alpha version
which also lets me `rename` them in the  bar directly, like `petname`;
but I'm quite sure they worked also in the current 0.31 release).

Best, Amir Herzberg
> 
> Hope it helps.
> 
> 
> 		
> ____________________________________________________
(Continue reading)

Permalink | Reply | 1 comment |
headers
Gervase Markham | 4 Jul 2005 23:12
Picon
Favicon
Gravatar

Re: new anti-fraud mailing list for discussing improving browser security UI

Amir Herzberg wrote:
 > I wonder: was the mere fact of you meeting with them a secret? If so,
 > did you get permission to disclose this secret (was it declassified)?

The existence of the meeting was not a secret.
http://weblogs.mozillazine.org/gerv/archives/008126.html

 > It must have been `top secret` since you were forced to take evasive
 > actions, i.e. tell us you need usability tests, criteria, code, etc.
 > when you simply could have said that you decided to follow a specific
 > direction and are not currently interested in outside contributions.
 > This would have been the right thing to do, imho.

Why do you persist in seeing this as an either/or, black-and-white 
thing? Just because we are improving the certificate UI doesn't mean 
that all your work is suddenly invalid or unwanted. I'm very interested 
in what you are doing. I'm not yet convinced any of the suggested 
outside contributions are a good fit for Firefox. That doesn't mean that 
won't change in the future.

Gerv
Permalink | Reply | 1 comment |
headers
Amir Herzberg | 6 Jul 2005 09:48
Picon
Picon

Re: new anti-fraud mailing list for discussing improving browser security UI

Gervase Markham wrote:

> Why do you persist in seeing this as an either/or, black-and-white 
> thing? 
Gerv, I am not excited about your working in closed group, but I still 
hope you make a good job. I think that you and Heikki should have said 
earlier, that at the current time you work with specific associates in a 
closed group; again: this is legitimate, imho, even if I prefer 
otherwise. But saying so openly may have saved time wasted on trying to 
convince Mozilla security group to look at other proposals (e.g. 
TrustBar), and may have even impacted decisions. For example, I've put 
more resources on FF improvements of TrustBar than on completing the IE 
version. Maybe I would have reveresed this if I was aware of you process 
earlier. After all, MS are also interested and watching our work, so if 
you work together, maybe an IE version would help more...

> Just because we are improving the certificate UI doesn't mean 
> that all your work is suddenly invalid or unwanted. I'm very interested 
> in what you are doing. I'm not yet convinced any of the suggested 
> outside contributions are a good fit for Firefox. That doesn't mean that 
> won't change in the future.

Ok, so let us all continue working...
--

-- 
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
(Continue reading)

Permalink | Reply | 0 comments |
headers
vikiez | 14 Jul 2005 12:24

Re: click events not coming thru


Hi charlie,

have similiar problems ... have you made some progress in the
meanwhile?

viz

charlie schmitt wrote:
> *If there's a better place to post this please let me know....
> 
> I have a simple xul application which records a browser session. I
> capture (at the moment) click and change events, build a simple xml
> script and then play the script back later with
> createEvent/dispatchEvent. I'd call it a prototype at this point -
> it
> needs alot of work.
> ....SNIP 
> *

--
vikiez
------------------------------------------------------------------------
Posted via http://www.forum4designers.com
------------------------------------------------------------------------
View this thread: http://www.forum4designers.com/message208932.html
Permalink | Reply | 0 comments |
headers
David Fosdike | 18 Jul 2005 03:58

Security alert

CERT and others are recommending going to version 1.7.9 - there are some 
references to it on Mozilla's site but I can't find the download.  Any 
ideas?

David Fosdike
dfosdike at nospam(leave this out and change 'dots' and 'at') dot elders dot 
com dot au
Permalink | Reply | 3 comments |
headers
Michael Lefevre | 18 Jul 2005 16:04

Re: Security alert

On 2005-07-18, David Fosdike <me <at> there.com> wrote:
> CERT and others are recommending going to version 1.7.9 - there are some 
> references to it on Mozilla's site but I can't find the download.  Any 
> ideas?

There was a problem with the release, which was discovered with Firefox
first, so Mozilla Suite 1.7.9 was not released.  There should be a 1.7.10
version out in the next few days which will have the fix and not have the
problem. (The problem was that some API changes slipped in, which broke
compatibility with some addons and extensions. Firefox 1.0.5 was released
last Tuesday and now the problem has been discovered Firefox 1.0.6 will be
released shortly - the problem was discovered before 1.7.9 was released so
they cancelled it)

There are release candidate builds of 1.7.10 available for testing -
http://weblogs.mozillazine.org/qa/archives/2005/07/please_help_us.html

--

-- 
Michael
Permalink | Reply | 2 comments |
headers
Vrodok the Troll | 18 Jul 2005 17:22

Re: Security alert

On 18 Jul 2005 14:04:21 GMT, in netscape.public.mozilla.security, Michael
Lefevre <news+07.nospam <at> michaellefevre.com>, by way of Message-id
<3k1r74Fsg0p2U1 <at> individual.net>, wrote:

[snip]
>
>There was a problem with the release, which was discovered with Firefox
>first, so Mozilla Suite 1.7.9 was not released.  There should be a 1.7.10
>version out in the next few days which will have the fix and not have the
>problem. (The problem was that some API changes slipped in, which broke
>compatibility with some addons and extensions. Firefox 1.0.5 was released
>last Tuesday and now the problem

What "problem" (former user of FF 1.0.5; now using 1.0.4, again)?

> has been discovered Firefox 1.0.6 will be
>released shortly - the problem was discovered before 1.7.9 was released so
>they cancelled it)
>
>There are release candidate builds of 1.7.10 available for testing -
>http://weblogs.mozillazine.org/qa/archives/2005/07/please_help_us.html

--

-- 

A cat is a machine. All she does is eat, 
and sleep, and make little cats.
Permalink | Reply | 1 comment |
headers
Michael Lefevre | 18 Jul 2005 18:07

Re: Security alert

On 2005-07-18, Vrodok the Troll <Pay.Troll <at> 35.cents.pls> wrote:
> On 18 Jul 2005 14:04:21 GMT, in netscape.public.mozilla.security, Michael
> Lefevre <news+07.nospam <at> michaellefevre.com>, by way of Message-id
> <3k1r74Fsg0p2U1 <at> individual.net>, wrote:
> [snip]
>>
>>There was a problem with the release, which was discovered with Firefox
>>first, so Mozilla Suite 1.7.9 was not released.  There should be a 1.7.10
>>version out in the next few days which will have the fix and not have the
>>problem. (The problem was that some API changes slipped in, which broke
>>compatibility with some addons and extensions. Firefox 1.0.5 was released
>>last Tuesday and now the problem
>
> What "problem" (former user of FF 1.0.5; now using 1.0.4, again)?

As I just wrote "The problem was that some API changes slipped in, which
broke compatibility with some addons and extensions".  Firefox 1.0.6 will
be out shortly, which will not have that problem, but will have the
security fixes that are in 1.0.5.

--

-- 
Michael
Permalink | Reply | 0 comments |
headers
Frank Hecker | 19 Jul 2005 21:07

Security warnings and obedience to authority

I thought this was an interesting blog post, with obvious implications 
for the issue of warning dialogs in Firefox, Thunderbird, etc.

http://usablesecurity.com/2005/07/19/obedience-to-authority/

Frank

--

-- 
Frank Hecker
hecker <at> hecker.org
Permalink | Reply | 1 comment |

Gmane