[Project_owners] XPI install still vulnerable to MITM attacks on mozdev.org
Michael Vincent van Rantwijk, MultiZilla
mv_van_rantwijk at yahoo.com
Wed Jul 18 01:41:38 PDT 2007
XPI installations initiated from mozdev.org will still be vulnerable to
MITM attacks... when the XPI isn't *installed* originally from an SSL
a.m.o is secure, so in that case you can get away with simply signing
your updates, but each new installation will still be vulnerable to MITM
attacks, and this will be the next step in this process... to prevent
you from installing XPIs from insecure http: connections.
Why is this so hard to understand?
Michael Vincent van Rantwijk
- MultiZilla Project Team Lead
- XUL Boot Camp Staff member
- iPhone Application Developer