On Tue 03 Nov 2015 at 23:07:56 (+1300), Chris Bannister wrote: > On Tue, Nov 03, 2015 at 08:27:42AM +0000, Joe wrote: > > On Mon, 2 Nov 2015 22:53:03 +0000 > > Brian <a...@cityscape.co.uk> wrote: > > > An attacker must inject a payload into a web page that the user > > > visits. When the page loads in the user’s browser the attacker’s > > > payload will be executed. A user would likely have no knowledge of > > > this, irrespective of whatever browser or user-agent string is being > > > used. > > > > > > Without the payload (which the bank's site has delivered) the security > > > of the browser is not compromised. If a password were to be obtained > > > the bank is complicit in the action. I expect they would take > > > responsibilty for this. > > > > > You were going fine until the last sentence... > > Umm, no, look up the meaning of the word 'expect'.
You wouldn't be accusing Brian of using weasel words, would you? https://lists.debian.org/debian-user/2015/11/msg00076.html Cheers, David.
