Re: One Laptop per Child security

Thread: Re: One Laptop per Child security

Search this list only Search all lists
Re: One Laptop per Child security
United States	2007-02-08 21:35:35
-- Simon Josefsson wrote: > Would it be possible for one malicious web site to be > able to access (or even influence) what is being done > in another tab or window of the browser? > > If the user is talking to a bank, then that scenario > may threaten the user's privacy. > > Sandboxing the browser instance for each site would > solve that problem. As designed, hard to VM each browser instance. If one uses something less than VM, one relies on quite a lot of code that one does not really understand being correct. I do not see any alternative to this, short of a major browser rewrite. Ideally, there should be a separate VM responsible for talking to each site, interpreting javascript, etc, which is created when the conversation is started, and shut down when one browses away from that site. Big project. Or instead of VMing things, one could structure the code so that automatic code checks make it impossible to compile code that is bad in certain ways - again a big project. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG txnLOsPeyJqwn5LYEMAdBUQoBArt6OJO8Rp8P6Vn 4GQB25JeUovLVxb1JZBHA6Q0qjCGFQGkhchihumVh ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

Failure of PKI in messaging
United States	2007-02-12 15:43:07
-- Obviously financial institutions should sign their messages to their customers, to prevent phishing. The only such signatures I have ever seen use gpg and come from niche players. I have heard that the reason no one signs using PKI is that lots of email clients throw up panic dialogs when they get such a message, and at best they present an opaque, incomprehensible, and useless interface. Has anyone done marketing studies to see why banks and massively phished organizations do not sign their messages to their customers? --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG BwrcLrYHszR0syC9LdVrjxAionyxVDwbtJq8Xu2q 4ky71ODjPeHF5TC4pnkktFaLHEOfFN4fY8JEyqnfn ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )