This looks like a really useful tool ... there are some concerns on the #namecoin irc
[16:39] <randy-waterhouse>
http://namecoin.com/[16:42] <Jeremy_Rand> randy-waterhouse: do you know if the source code for the namecoin.com Firefox/Chrome plugin is posted anywhere?
[16:42] <echelon> d'oh.. whenever i looked up namecoin i got redirected to the dotbit website
[16:42] <echelon> extensions are already open source aren't they?
[16:42] <Jeremy_Rand> echelon: not necessarily, extensions can be obfuscated
[16:44] <randy-waterhouse> Jeremy_Rand: good point, caution advised
[16:44] <randy-waterhouse> hopefully namecoin.bit guy will post eventually
[16:44] <randy-waterhouse> maybe waiting for first mover advantage to cement itself?
[16:45] <randy-waterhouse> anyone know who is behiind namecoin.com ??
[16:46] <echelon> apparently this guy..
http://www.maayainfotech.com/[16:49] <echelon> interesting
[16:49] <echelon> the extension is not obfuscated
[16:49] <echelon> and it seems to retrieve this proxy auto-config file
[16:49] <echelon>
http://namecoin.com/extension/proxy.pac[16:49] <echelon> so the extension won't work if the domain is down
[16:49] <echelon> and they could change it later on
[16:49] <echelon> to do something more malicious
[16:49] <Jeremy_Rand> ok, so the .pac file is hosted on a non-HTTPS domain
[16:49] <echelon> yeah
[16:50] <Jeremy_Rand> wonderful, so even if the operator is legit, some random guy on your network can install whatever pac file he wants onto your browser
[16:50] <echelon> i dunno why they have to retrieve from the website anyway
[16:50] <echelon> it could've been packaged with the extension
[16:50] <Jeremy_Rand> yeah, suspicious
Show Posts
