LinuxQuestions.org - How does ssl 3 and tls1 and tls 1.1 work with a web browser?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - How does ssl 3 and tls1 and tls 1.1 work with a web browser? (https://www.linuxquestions.org/questions/linux-security-4/how-does-ssl-3-and-tls1-and-tls-1-1-work-with-a-web-browser-680585/)

so cross site scripting and injection isnt an issue here...
ok thats what I wanted to hear...
phew...good to know. sorry I wasted everyones time.

Quote:

Originally Posted by deepsix (Post 3329826)

The reason their concern ends? the OS: (or marketing)
people mimick what they are taught is secure, and most people start on windows. Im not picking on windows the same goes with linux, mac, and any other os out there.

you see the problem is the same as the example I gave about Yahoo.
what happens when the normal user boots up his pc? he gets a login screen. that login screen encrypts his password and allows him access to his account. ( the same way as on yahoo) but his my documents and everything on that account are readable by anyone with an account on the computer by default. (im talking about the home editions of windows you know the ones that ask for a username and password but if you hit cancel or login without entering anything you get a desktop anyway?) <--- some linux distros are actually trying to mimick this with auto login and dont get me started on sudo as the only means of accessing root.
and some of the linux distros that arent doing those things are using lax files permissions that allow another user to browse another users directory by default. I just think it would benefit everryone if all filesystems were encyrpted by default and creating programs that use encrypted sockets and any data transfered from one filesystem to another was done through an encrypted tunnel.

I dont know...I might sound paranoid to some people or stupid to others.
and some of this may never happen but it sounds good, it draws up on paper but problably will never happen. or maybe it will

http://www.webmonkey.com/

Deepsix,

Why are you dredging up a two and half year old thread?

Having spent the last 15 minutes reading through this thread and your side conversations with LQ management I finally discovered how old it was and honestly find it quite irritating. I have since spent 15 minutes generating an appropriate reply.

I realize that this topic is of concern to you. I also find it to be an intriguing subject. Is there something new that you would like to add?

If so, it would probably be appreciated by most members if you would start a new thread instead of necro-posting to a very old one. This thread is on the brink of falling into the "flogging a dead horse category."

I just stumbled across this slashdot article (3-21-11) on this very subject and thought I would add a link to it. It is a discussion of the article pointed to by Deepsix's latest post.

As this is/was an LQ-specific concern, I feel it's best to continue the discussion here.