 |
 |
Safari security issue?
|
|
|
|
|
Posting Junkie
Join Date: Mar 2001
Location: Salamanca, España
Status:
Offline
|
|
http://www.secunia.com/advisories/8756/
I missed it, so somebody else must have too.
sounds pretty benign, but hey.
"Apple Safari and Konqueror Embedded fails to validate the Common Name of a SSL certificate. This makes it possible to spoof SSL sites, so that users can't trust the authenticity of a SSL website."
|
|
I could take Sean Connery in a fight... I could definitely take him.
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Sep 2000
Location: DC Metro, USA
Status:
Offline
|
|
THAT seems benign? Do you do any online shopping or banking?
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2001
Location: Salamanca, España
Status:
Offline
|
|
Originally posted by ophion:
THAT seems benign? Do you do any online shopping or banking?
Well, *if* it occurs it is very very serious. I meant that it was so unlikely to happen that it was benign. Safety due to obscurety. There are so few Safari users in the world (well and Konqueror) that nobody will try to exploit these flaws.
I do hope Apple does something because I do a lot of online banking. In fact that is how I do all my banking.
|
|
I could take Sean Connery in a fight... I could definitely take him.
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Sep 2000
Location: DC Metro, USA
Status:
Offline
|
|
Ah, yes, quite right, though the "security through obscurity" doctrine leaves me cold--there is always someone looking to take the piss.
I do all of my banking online, too. Safari currently does not work correctly with my bank's site. I am not sure whether the fault is in Citibank's JavaScript or Safari's interpreter. I have reported the problem to both companies.
|
|
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Mar 2001
Location: Salamanca, España
Status:
Offline
|
|
There are two options:
1. bug in Safari
2. bug with your bank
If your bank works with more than IE, Safari would begin to look suspicous. Of course Safari is in beta and remember to send the Safari team a bug report as well.
I find Apple to be awfully quiet about this ... issue.
|
|
I could take Sean Connery in a fight... I could definitely take him.
|
| |
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Nov 2001
Location: Arizona
Status:
Offline
|
|
There should be a little extra embarrassment because this exact same problem was discovered and widely reported 6 months ago in Internet Explorer and Netscape - and promptly fixed.
Evidently the Safari team doesn't have time to read the news.
|
|
|
| |
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Sep 2000
Location: DC Metro, USA
Status:
Offline
|
|
Originally posted by voodoo:
There are two options:
1. bug in Safari
2. bug with your bank
Yes, that's what I meant when I wrote "I am not sure whether the fault is in Citibank's JavaScript or Safari's interpreter."
If your bank works with more than IE, Safari would begin to look suspicous.
I currently use Mozilla for my banking, and the site works fine in it.
Of course Safari is in beta and remember to send the Safari team a bug report as well.
I find Apple to be awfully quiet about this ... issue.
When I reported the issue to Apple, I used the bug button within Safari.
I, too, find Apple to be a bit quiet on the issue. I have been checking Software Update, expecting a patch to appear. Safari is Beta and all, but it is quite widely distributed (as Apple brags on its site). I would expect Apple, now that it is again a browser vendor (remember CyberDog?), to treat security issues seriously.
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
Top