[cap-talk] bundling designation and authority
Ian G
iang at systemics.com
Fri Oct 14 13:32:13 EDT 2005
Karp, Alan H wrote:
> Sandro Magi wrote:
>
>>Actually, it's not clear what the actual URL was. Perhaps he typed an
>>extra ../ beyond the homepage?
>>
>
> Making typos a criminal offense. Sweet.
Yes, another possibility. Which reminds me.
Over on Mozilla's firefox they have this
"I'm feeling lucky" feature where if you
mistype a URL it triggers and sends it to
google in lucky mode.
So for example http;//blah.blah would end
up at Microsoft and https;//blah.blah would
end up at Paypal.
Because this was https I filed this as a
security bug. The developers position was
that ... the feature was working perfectly!
Nothing that could be said could get them
to realise that the security ramifications
were such that this should be ringing alarm
bells.
( Later it transpired that google had paid
mozilla a lot of money for undisclosed
things, and I'd hazard a guess that this
was one of them; and that the security
process was stalled because of complex
money and reorg deals going on behind the
curtain. Yet another piece of evidence
that security by secrecy leads to agenda
capture which leads to the eventual loss
or downgrading of security. )
iang
More information about the cap-talk
mailing list