Hacker News new | ask | show | jobs
by xyproto 2958 days ago
Are elinks users safe?
3 comments
shakna 2958 days ago
elinks aren't safe, full stop.

A failure to verify SSL certificates has plagued elinks since 2012 [0]. Some versions protect, but the bug returns.

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658

link
jwilk 2958 days ago
404 Footnote Not Found
link
shakna 2958 days ago
... Thanks. Apologies, I'm having arguments with my assisted keyboard.
link
sitkack 2958 days ago
Are elinks users safe from AFL ? If you are using elinks not in at least a container, you are asking for pownage.
link
jwilk 2958 days ago
What's AFL?
link
sitkack 2958 days ago
http://lcamtuf.coredump.cx/afl/
link
jwilk 2958 days ago
Oh, I know this AFL. But it didn't make sense in the context of your question, so I assumed you meant something else.

What do you mean by being "safe from AFL"?

link
sitkack 2957 days ago
Well, elinks is a cul-de-sac, and AFL would probably obliterate it, so elinks users are most probably putting themselves in more danger than they avoiding.
link
jwilk 2958 days ago
elinks doesn't render iframes, so this attack wouldn't work.
link