It's exactly this naive assumption of you that only one session is involved in your authentication that makes this bug so dangerous. Thousands of students all over the world log in using federated authentication that involves AT LEAST three independant sessions at independant url's of which at least one is never cleared on logout. They are told only closing their browser clears their login, WHICH SHOULD BE THE CASE if browser respected SESSION lifetime cookies to only live while the browser is open. It's a BUG, it's dangerous, it should be fixed and I don't give a rat's arse about lost shopping carts!
People unaware of this BUG are vulnerable to account hijacking when they leave the place after cosing the browser in the assumption they did the right thing to close their sessions. And yes, english is not my native tongue so I made a little mistake, I'll steer away from that in the future, thanks for noticing.
It is insecure in the sense that people sharing a computer running Firefox and logging in on secure websites that use SESSION lifetime cookies are NOT protected against restoring their session after they closed the browser and leave (the public place). THAT is insecure BY DESIGN!!
SESSION lifetime cookies should NEVER be restorable after the browser has been closed by the user nor crashed.
As long as this https://bugzilla.mozilla.org/s... BUG is present, Firefox is a far cry from being a secure browser. Since I know about this, I advise anybody that needs to have secure browser to stear away from Firefox!
Slashdot Mirror
It's exactly this naive assumption of you that only one session is involved in your authentication that makes this bug so dangerous. Thousands of students all over the world log in using federated authentication that involves AT LEAST three independant sessions at independant url's of which at least one is never cleared on logout. They are told only closing their browser clears their login, WHICH SHOULD BE THE CASE if browser respected SESSION lifetime cookies to only live while the browser is open. It's a BUG, it's dangerous, it should be fixed and I don't give a rat's arse about lost shopping carts!
People unaware of this BUG are vulnerable to account hijacking when they leave the place after cosing the browser in the assumption they did the right thing to close their sessions. And yes, english is not my native tongue so I made a little mistake, I'll steer away from that in the future, thanks for noticing.
It is insecure in the sense that people sharing a computer running Firefox and logging in on secure websites that use SESSION lifetime cookies are NOT protected against restoring their session after they closed the browser and leave (the public place). THAT is insecure BY DESIGN!! SESSION lifetime cookies should NEVER be restorable after the browser has been closed by the user nor crashed.
As long as this https://bugzilla.mozilla.org/s... BUG is present, Firefox is a far cry from being a secure browser. Since I know about this, I advise anybody that needs to have secure browser to stear away from Firefox!
The external Event Manager (http://community.elgg.org/plugins/736695/2.7.1/event-manager) is exceptionally cool, complete with RSVP functionality.
Have you looked at Elgg? http://elgg.org/
Have you looked at S3QL http://code.google.com/p/s3ql/? Mountable infinite Amazon S3 storage via fuse (no limited blockdevice setup).
I've got one and I'm happy with it. Though Interead (as a company) is B_A_D, the device (with latest firmware) is nice. http://www.mobileread.com/forums/forumdisplay.php?f=213