General
: K-Meleon Forum
General discussion about K-Meleon.
Goto:
Forum List
•
Message List
•
Search
•
Log In
Your Name:
Subject:
Help information
BBcode help
Smileys help
[quote=JohnHell] We are forgetting 2 main things here about the attack. 1.- it is a XSS attack (cross site scripting) 2.- and a kind of MitM attack (man in the middle) through an infection (trojan) in one of the sides, server. In other words, if a third acts to you as a proxy (XSS) and someone sniffs you (MitM through a trojan), can modify the TLS/SSL session to do whatever. The CBC attack existed before, the only change is the way is being attacked if CBC is not fixed and the time it requires to guess the encryption. Also, some are unsure if for this attack is really needed Java or just Javascript. [b]This is what I got about this attack.[/b] Beyond this, yes, we are not safe, but the recommendations are as always. Don't open SSL sessions through third party sites, and not trusted sites, and keep your system clean (and let's hope the servers too).[/quote]
[Please Enable JavaScript]
K-Meleon forum is powered by
Phorum
.
Home/News
Screenshots
Download
Documentation
Resources
Get Involved
Forum
Bugs
Development
