Re: LYNX-DEV more about wells fargo, schwab

From: Nelson Henry Eric
Subject: Re: LYNX-DEV more about wells fargo, schwab
Date: Thu, 12 Mar 1998 13:36:56 +0900 (JST)

> Umm..  Then it seems to me that it would be useful to tell Wells Fargo
> that they *aren't* actually promoting security.

Okay.  I'll try one more time.  They are not "promoting security."  They
are trying to provide a service to their customers.  As soon as they do
that, they become liable for any damages that may ensue from negligence
on their part in implementing that service.  For them to give the impression
to their customers that sensitive data will not be intercepted simply because
they are using a browser which can handle "domestic strength" encryption
would be negligent.  Again, they would like to be sure (as possible) that
an acceptable level of encryption is functioning across the entire
transmission route from their data base to the end customer's terminal.

Lynx is a high-risk application in this sense for two reasons: 1) its
most widely used platform most often has the binary being run remotely,
with no guarantee that the route from the host to the terminal is secure,
and 2) anyone can obtain the source code and hack it as they please with
the end result that there is no guarantee that any particular image is
truly secure.  Read the disclaimer that comes with Lynx.  None of the
developers, past, present or future are going to accept responsibility
for a failure (bug) in the implementation of the "hooks" for the SSL
library.  I personally wouldn't use any Lynx to transfer money unless
Fote inspected the code and built it himself.

Netscape and MS, on the other hand, are liable for damages resulting from
the use of their proprietary software.  This software is only sold in binary
form, and modification of the binary, besides being illegal, would relieve
them of any liability.

> In other words, if I can phony up my agent string, and log into Wells Fargo
> with Lynx.. then it seems to be showing to me that Wells Fargo *isn't* actua

If you "phony up" anything, WFB is off the hook.  If you think you could win
a case against a corporation that size when you misportrayed your environment
during the transaction, think again.  The wording may be that they are trying
to protect you, which in fact they really are, the bottom line is that they
are even more interested in protecting themselves.

> Ugh, I can't word that very well..  What I mean is that at the moment it seems
> that they are basically *lying* about the security requirements.

No.  They are first trying to protect themselves, and in order to do that
must do everything in their power to protect you, the customer.

> ARGH.  Sorry this is just starting to tick me off.. 

No problem.  Never worked for WFB, never will.  Basically you have three
choices (which may even tick you off more):
        1) Understand what I've explained above.
        2) Change banks. (But that won't help you.)
        3) Use online banking in a possibly insecure environment. (It's your

> You're unwilling to
> engage in the free flow of information?  Now I've got to find the lynx-dev
> archives.

Sound just like my students.  It's a learning experience.  Keep looking;
it's right at your fingertips if you're using Lynx.

But people have begun to forget, or no longer need, my archive digest
service so I'll give you the URL for that:
Unfortunately I may no longer be able to keep up this two-year tradition,
but I'll do my best.

> Would a patch allowing the User-Agent string to be a "cycle through the
> given values" be accepted?  Such as letting the user easily switch to

Has never been accepted in the past.  I hope people understand why.
You know, the freedom to do with Lynx as you like makes it beautiful,
and makes Netscrap and Exploiter ugly in comparison.  Be proud to wear
the "Lynx" label.

