What's to stop somebody from hijacking the bank website, redirecting to a website that uses no SSL at all, and waiting for the passwords to roll in?
If you normally access your bank's website by way of https, you wouldn't get redirected because the hijacked website's certificate wouldn't be valid.
Other than that, you're just describing phishing.
The fact that there are "compan*ies* such as Verisign" means Verisign is not a monopoly.
In Firefox, go to Tools, Options, Advanced, Encryption, View Certificates, Authorities. These are all valid CAs according to Firefox.
As for being cheap, a quick check at GoDaddy's says you can get one from them for $30/year.
Not that I expect Slashdot editors to be able read French, but if you're going to post a story on a top news site, it's usually a good idea to know what it says.
-Specifically, it's PointDev's CEO quoted in the article, not just some spokesman.
-PointDev's CEO is not claiming the BSA said anything. The article states BSA's statistics.
-BSA's statistics clearly refer to enterprises in general. How would anyone (besides Sony) know the exact percentage of software that's pirated in Sony?
The file they're reading from in TFA (all.js) contains a portion of the default Firefox preferences, not your current settings. There may be other ways to exploit this problem, and web pages definitely shouldn't be allowed to read any file from your computer, but the proof of concept isn't as bad as they say it is. The majority of your personal information is in your profile directory (under Application Data on Windows), not the program directory.
Re:Bet there still isn't a decent "Stop!" button
on
HTML V5 and XHTML V2
·
· Score: 1
This sounds like what you're talking about, albeit only for script.
XHTML V2 and related modules are officially supported by the W3C, and the related modules are becoming key ingredients for other XML specifications that the W3C maintains. Unfortunately, official W3C approval is no guarantee of support by major Web browsers.
It wouldn't be the first time browser vendors were ahead of official recommendations.
Official W3C approval is pretty much dependent on support by major Web browsers. The W3C process says there should be two interoperable implementations of each feature before a proposed standard becomes a recommendation.
The FAQ doesn't even try to give a serious answer about the expected date of approval
Firefox isn't an office suite because of offline storage any more than it's a photo gallery because it can display images or a calculator because it can do math. They are all features that allow web pages and extensions to do interesting things that the browser itself does not.
He said all the evidence the company has indicates that the device is performing quantum computations, but he acknowledged there is some uncertainty. Sounds like a joke that flew over the reporter's head.
Oh, and your script might not run because it's not properly escaped with CDATA sections (you're writing XML), you're missing a namespace so it probably won't render properly (you're writing XML), it won't work at all in IE (you're writing XML), you're using stupid "click here" links, and you should be just doing this whole thing server side so you don't need this extra page at all.
Not exactly rocket science.
Below are the results of checking this document for XML well-formedness and validity.
1. Error Line 6 column 7: required attribute "type" not specified.
<script>
The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.
Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
I hope they've fixed the bug that caused "A script on this page is causing mozilla to run slowly. If it continues to run, your computer may become unresponsive. Do you want to abort the script?" to show up. Extensions that don't work correctly is one thing, but it's unacceptable when they affect other parts of the browser.
Slashdot Mirror
If you want it to be possessive, it's just I-T-S.
But if it's supposed to be a contraction, then it's I-T-apostrophe-S.
Scallywag.
What's to stop somebody from hijacking the bank website, redirecting to a website that uses no SSL at all, and waiting for the passwords to roll in?
If you normally access your bank's website by way of https, you wouldn't get redirected because the hijacked website's certificate wouldn't be valid. Other than that, you're just describing phishing.
of downloading a PowerPoint file created by a hacker that describes how to exploit DNS servers by way of a URL that requires me to use DNS to get to.
Maybe it's just me.
The fact that there are "compan*ies* such as Verisign" means Verisign is not a monopoly. In Firefox, go to Tools, Options, Advanced, Encryption, View Certificates, Authorities. These are all valid CAs according to Firefox. As for being cheap, a quick check at GoDaddy's says you can get one from them for $30/year.
Not that I expect Slashdot editors to be able read French, but if you're going to post a story on a top news site, it's usually a good idea to know what it says. -Specifically, it's PointDev's CEO quoted in the article, not just some spokesman. -PointDev's CEO is not claiming the BSA said anything. The article states BSA's statistics. -BSA's statistics clearly refer to enterprises in general. How would anyone (besides Sony) know the exact percentage of software that's pirated in Sony?
The file they're reading from in TFA (all.js) contains a portion of the default Firefox preferences, not your current settings. There may be other ways to exploit this problem, and web pages definitely shouldn't be allowed to read any file from your computer, but the proof of concept isn't as bad as they say it is. The majority of your personal information is in your profile directory (under Application Data on Windows), not the program directory.
This sounds like what you're talking about, albeit only for script.
http://weblogs.mozillazine.org/roadmap/archives/20 07/02/threads_suck.html
Firefox isn't an office suite because of offline storage any more than it's a photo gallery because it can display images or a calculator because it can do math. They are all features that allow web pages and extensions to do interesting things that the browser itself does not.
So we're supposed to believe you're right without evidence, or what? You should've included reliable sources for those statements.
Firefox 2.0 is based off the 1.8 Gecko branch, just like Firefox 1.5 was. 1.5 uses 1.8.0, 2.0 will use 1.8.0.1, 3.0 will use 1.9. There shouldn't be much difference in terms of rendering pages between 1.5 and 2.0.
Oh, and your script might not run because it's not properly escaped with CDATA sections (you're writing XML), you're missing a namespace so it probably won't render properly (you're writing XML), it won't work at all in IE (you're writing XML), you're using stupid "click here" links, and you should be just doing this whole thing server side so you don't need this extra page at all. Not exactly rocket science.
This page is not Valid XHTML 1.0 Transitional!
Below are the results of checking this document for XML well-formedness and validity.
1. Error Line 6 column 7: required attribute "type" not specified.
<script>
The attribute given above is required for an element that you've used, but you have omitted it. For instance, in most HTML and XHTML document types the "type" attribute is required on the "script" element and the "alt" attribute is required for the "img" element.
Typical values for type are type="text/css" for <style> and type="text/javascript" for <script>.
I hope they've fixed the bug that caused "A script on this page is causing mozilla to run slowly. If it continues to run, your computer may become unresponsive. Do you want to abort the script?" to show up. Extensions that don't work correctly is one thing, but it's unacceptable when they affect other parts of the browser.
Firefox 1.0.7 Released, and the bug is fixed.