SSL Defeated in IE and Konqueror

From The Register, anyone with a valid VeriSign SSL site certificate can forge any other VeriSign SSL site certificate in IE and Konqueror:

A chain is formed when an intermediate certificate is trusted between server and client. Supposedly, the intermediate is accepted only if it’s signed by the certificate authority as safe for the purpose. If it’s merely signed by another certificate’s key, it ought not to be trusted, or at least the user should be warned. Unfortunately, due to a preposterous security engineering oversight, IE and Konqueror don't bother to check this [&hellip]

Mozilla isn’t affected, as usual, though the author chides Mozilla as if maybe it’s a Mozilla quirk that is preventing the exploit. I would hope that The Register’s authors wouldn’t have such uninformed preconceptions :-/.

Usability Applied to Life

From the WebWord mailing list, usability guy Chad Lundgren writes about usability principles appled to real life. For instance:

3. For a long time, I keep my wallet and keys in my back pockets. This added to pick-pocket paranoid in crowded places,and made fast food drive-thrus arduous.

I read an article mentioning that European men tend not to use their back pockets, more for vanity than practicality, but I started using my front pockets only, and I’ve never looked back. So to speak.

I’ve considered that approach (wallet in front pocket), but I just don’t have the pockets to spare :(. With my mobile phone and my keys in my front-right pocket, and my Palm V and my uni-ball in my front-left pocket, I have no where but my back pockets for my wallet :-/.

And, I disagree with Chad’s #8, where he advocates absolute paths for web pages. The problem with using absolute paths is that it makes changing the “elevation” of the site (as a whole) impossible. For instance, relative paths would allow for the change from “sitename.com” to “sitename.com/directory/” without much trouble (but absolute paths would not).

And, for what it’s worth, my favorite line was “ […] they are keys, from one point of view”. ;)

New Orbit Theme

For those of you using the Orbit theme for Mozilla, there’s a new version available. Well, ok, I suppose that a June 27th release doesn’t make it all that “new”, but it’s certainly newer than the last version I spoke about. One of the things that I noticed in this newer version is that it provides for greater degree of theming for the preferences dialogs.

If you haven’t tried the themes for Mozilla beyond the built-in Classic and Modern, there are now quite a few good ones available (including my current favorite, Orbit).

Mozilla 1.1 Beta

Ah, I see that Mozilla 1.1 Beta has been released!

It’s here! Mozilla 1.1 Beta. New to this release are full-screen mode for Linux, BiDi Hebrew improvements, Arabic shaping improvements for Linux, and significant improvements to Venkman, the best cross-platform JavaScript debugger on the planet. […] And if you’re confused about all these alpha and beta releases (and what ever happened to that 1.0 branch?) then take a look at the nice picture available at the Mozilla Development Roadmap.

Grab it here:

Or, if you don’t have one of those OSs, there’re more downloads on the release page.