SLUG Mailing List Archives
[SLUG] Re: XecureBrowser - looks like snake oil to me.
- To: slug@xxxxxxxxxxx
- Subject: [SLUG] Re: XecureBrowser - looks like snake oil to me.
- From: Daniel Pittman <daniel@xxxxxxxxxxxx>
- Date: Thu, 11 Nov 2010 11:35:52 +1100
- Reply-to: slug@xxxxxxxxxxx
- User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (darwin)
> I don't know about the XecureBrowser itself, but secure browser operating
> systems is a huge research area at present. SSL *has* been cracked ---
> there're a couple of known timing and man-in-the-middle attacks --- but if
> you use good keys, and disable attacking sites (they'd be pretty obvious:
> see the paper http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf for the
> classic explanation of one such attack -- there are a couple more) you
> should be safe for now.
Yup. I absolutely agree with this (and those attacks did make the "news"
My issue is not the idea of a secure browser, but the claimed implementation
✣ Daniel Pittman ✉ daniel@xxxxxxxxxxxx ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons