Comment: Re:Ugh (Score 1) 147

by Jerome H (#40186609) Attached to: The Cost of Crappy Security In Software Infrastructure

XSS is still a systemic error, not strictly coding. Why? Because it's code injection. If the browser was sandboxed, then the code couldn't do anything. Now, if your bank was hit or your browser is sandboxed per instance, not tab, then you could lose your bank info to an attack, again, a high level design issue, not a coding issue.

Well, even if the browser is sandboxed, what would it change? The malicious code comes from the URL (either per mail or linking) and is displayed back to the user without any sanitizing; how is this not a coding error?

Security

Does SSL Validation Matter?

Submitted by Anonymous Coward
An anonymous reader writes "Right now, in an email list excluded from the public eye, some bright people are discussing the future of SSL. At debate is (a) do they allow DV (domain only validation) certificates to continue to exist (exist for e-commerce use? only encryption use?) or do they require a higher degree of certificate validation? (b) Do they allow certificates to be issued with non-unique common names (certificates used on internal networks, think your Exchange server) or do they ban the practice? If this were 'hypothetically' a heated debate going on right now and you could chime in, what would you say? Hypothetically. I would love to hear from the Slashdot community."
