lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJVRA1RfvuJpJQJa+jK2-qBEhPeJRQbwxQsGrs1AoAPLP=cJ_A@mail.gmail.com>
Date: Tue, 20 Dec 2011 16:00:06 -0800
From: coderman <coderman@...il.com>
To: Charles Morris <cmorris@...odu.edu>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: OT: Firefox question / poll

On Tue, Dec 20, 2011 at 9:40 AM, Charles Morris <cmorris@...odu.edu> wrote:
> I'm curious what everyone's opinion is on the following question...
> esp. to any FF dev people on list:
>
> Do you think that the Firefox "warning: unresponsive script" is meant
> as a security feature or a usability feature?

anyone who said "security feature" is an idiot and/or not thinking clearly.
your security is harmed by malicious script in milliseconds.
this does nothing to protect you from anything.*

it is purely a usability feature in response to shitty developers
writing shitty webapps leading to excessively long script execution
(which can thus be terminated if desired once this warning presents)


* someone may say "availability is a security requirement!". true, but
then a modem link to web 2.0 is a DoS, and there's simply no point
going down that road...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ