funsec mailing list archives
Re: facebook messages worm
From: Valdis.Kletnieks () vt edu
Date: Thu, 07 Aug 2008 15:18:07 -0400
On Thu, 07 Aug 2008 12:41:53 EDT, der Mouse said:
The *real* problem is that digital signatures for E-mail work in *exactly the same way* and provide *the same protection* as SSL does for the Web.Yes, that's the problem, not the solution statement.It's also wrong.
You then point out minor differences that totally gloss over the real issue: That the same people who don't understand that the little padlock doesn't guarantee that you're talking to the website you think you are, will also fail to understand that the little e-mail padlock doesn't guarantee that the e-mail is from who you think it is. As I said - it provides the same protection, which isn't what the average user *thinks* the protection is...
Attachment:
_bin
Description:
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: [Full-disclosure] facebook messages worm Juha-Matti Laurio (Aug 06)
- Re: facebook messages worm Gadi Evron (Aug 06)
- Re: facebook messages worm Martin Tomasek (Aug 07)
- Re: facebook messages worm Gadi Evron (Aug 07)
- Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
- Re: facebook messages worm Valdis . Kletnieks (Aug 07)
- Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
- Re: facebook messages worm der Mouse (Aug 07)
- Re: facebook messages worm Valdis . Kletnieks (Aug 07)
- Re: facebook messages worm der Mouse (Aug 07)
- Re: facebook messages worm Martin Tomasek (Aug 07)
- Re: facebook messages worm Gadi Evron (Aug 06)