lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 06 Sep 2008 18:06:11 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: bugtraq@...urityfocus.com
Subject: Re: RES: Google Chrome Automatic File Download

DIOGO LEAL CHAGAS wrote:

> To "fix" this "problem":
> 
> In Google chrome
> Tools -> Options -> Minor Tweaks (tab) in download location: check the "ask where to save each file before downloading"

Yes, yes, yes...

_BUT_, in a browser announced with such a massive hoopla about how it's 
been double-especially-extra-security-hardened from the outset, _that 
something more obviously sensible_ was not the _shipping default 
configuration_ is gob-stoppingly stupid; a fundamentally noob-ish design 
error.

In short, something that does not bode well for the product living up to 
the marketing hype.

Oh, and slapping the standard "we're Google so couldn't be arsed 
finishing it so will call it beta" label on it makes no difference. 
Fundamentally stupid is fundamentally stupid at whatever point in the 
development process that "feature" made its way into the product.


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ