lynx-dev

Re: LYNX-DEV more about wells fargo, schwab


From: David Woolley
Subject: Re: LYNX-DEV more about wells fargo, schwab
Date: Thu, 12 Mar 1998 23:15:12 +0000 (GMT)

> and 2) anyone can obtain the source code and hack it as they please with
> the end result that there is no guarantee that any particular image is
> truly secure.  Read the disclaimer that comes with Lynx.  None of the

However, most of the mis-implementation scenarios occur at the server
end.

> developers, past, present or future are going to accept responsibility
> for a failure (bug) in the implementation of the "hooks" for the SSL
> library.  I personally wouldn't use any Lynx to transfer money unless
> Fote inspected the code and built it himself.

I wouldn't trust it simply because of that.  Netscape themselves managed
to mess up the key generation of one of their server products so as to
reduce the brute force cracking time to minutes.  On the other hand,
the pressures on commercial providers militate against people spending
time understanding the issues, or even doing anything about them if it
costs money.  (Another example:  Microsoft managed to use a potentially
secure cipher wrongly in the original versions of the password list
encryption for share level security in Win 3.11 and Win '95, making it
trivially breakable.)

> > You're unwilling to
> > engage in the free flow of information?  Now I've got to find the lynx-dev
> > archives.

The information may seem free to the asker, but there is a large
opportunity cost for the supplier, and quite a significant cost in terms
of distribution, storage and reading of duplicate answers.  Never look
a gift horse in the mouth.
