[CentOS] Why the Internet is so insecure
Alice Wonder
alice at domblogger.net
Wed Nov 30 10:33:23 UTC 2016
https://github.com/whatwg/html/issues/2119

Major flaw in how the specification for window.opener() works, resulting in a major phishing vulnerability that is cake to pull off.

The right solution isn't considered because it would break compatibility with the small number of sites that depend upon the broken specification, even though it would be simple for those sites to implement a secure method.

So instead the entire web is left with an extremely poor default and a crappy solution that won't be implemented by a large number of sites.

And that's why the Internet will remain a playground for con artists for years to come.

I've lost faith in the W3C. It's useless, time for a fork and a new standards body. Seriously.

BTW - the fix that W3C does endorse, the rel="noopener" attribute, if that's the best the W3C is willing to do, Red Hat better make sure it makes it into the ESR version of Firefox they ship or it will be vulnerable for some time.

The broken fix the W3C endorses isn't even set to make it into standard Firefox until Firefox 52. Which is odd because it is a serious security vulnerability. I'm worried it won't make it into ESR Firefox for some time. ESR often lags on features.
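
An added example, not part of the original message or of any project it mentions: a small Node.js function that finds links opening a new browsing context without the rel="noopener" attribute the post refers to, and adds it. The function names and sample markup are constructed for illustration; the check goes slightly beyond target="_blank" by also covering named targets and by accepting rel="noreferrer", which likewise severs the opener.

```javascript
// Added example: audit and fix links that hand window.opener to the opened page.
// Regex-based scan for illustration; a production tool should use a real HTML parser.
const TAG_RE = /<(a|area)(?=[\s\/>])((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
const SAME_CONTEXT = ["", "_self", "_parent", "_top"];

// Parse an attribute string into [{name, value}], handling quoted and bare values.
function parseAttrs(src) {
  const attrs = [];
  for (const m of src.matchAll(ATTR_RE)) {
    attrs.push({ name: m[1].toLowerCase(), value: m[2] ?? m[3] ?? m[4] ?? "" });
  }
  return attrs;
}

// Returns the hardened markup plus the original tags that needed fixing.
function hardenLinks(html) {
  const findings = [];
  const out = html.replace(TAG_RE, (tag, name, attrSrc) => {
    const attrs = parseAttrs(attrSrc);
    const target = attrs.find(a => a.name === "target");
    // Only links that open another browsing context expose an opener.
    if (!target || SAME_CONTEXT.includes(target.value.toLowerCase())) return tag;
    const rel = attrs.find(a => a.name === "rel");
    const tokens = rel ? rel.value.split(/\s+/).filter(Boolean) : [];
    const lower = tokens.map(t => t.toLowerCase());
    if (lower.includes("noopener") || lower.includes("noreferrer")) return tag;
    findings.push(tag);
    tokens.push("noopener"); // keep existing rel tokens such as nofollow
    if (rel) rel.value = tokens.join(" ");
    else attrs.push({ name: "rel", value: "noopener" });
    const body = attrs
      .map(a => ` ${a.name}="${a.value.replace(/"/g, "&quot;")}"`)
      .join("");
    return `<${name}${body}>`;
  });
  return { html: out, findings };
}

// Constructed sample markup (not taken from any real site).
const SAMPLE = [
  '<a href="https://example.org/" target="_blank">unsafe</a>',
  "<a href='https://example.org/' target=_blank rel='nofollow'>unsafe, has rel</a>",
  '<a href="https://example.org/" target="_blank" rel="noopener">already safe</a>',
  '<a href="/local">same tab</a>',
].join("\n");

const report = hardenLinks(SAMPLE);
console.log(`${report.findings.length} link(s) fixed`);
console.log(report.html);
```

Running the function a second time over its own output reports no findings, so it can be used as a build-time check as well as a fixer.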