Comments

(newest first)

  • anD | Fri, 13 Sep 2013 21:33:53 UTC

    It is interesting that this page uses the following tracking cookies for Google Analytics, Google +1, and Facebook Connect.
  • Chris Leonard | Mon, 25 Mar 2013 18:34:57 UTC

    I think that the people who say that more responsible browsing habits will fix these problems do not understand the problem.  These are information-gathering techniques that happen routinely on websites you trust.  It isn't just some trivial matter of using Incognito mode and then you're safe.  Many of these problems cannot be prevented by users in any way without breaking web apps.
    
    Also, to the person who said that this is just client-server computing reinvented, I see where you're coming from, but phone and Metro apps can generally behave more like browsers, with display logic on the client and (mostly) everything else on the server.  Traditional client-server apps have much "fatter" clients, which leads to application maintenance difficulty compared to an iOS / Android / Metro-style app model.
    
    The person who pointed out that Windows 8 is leaning in the right direction is spot on.  Build apps on an infrastructure that enforces an appropriate degree of separation.  Then say goodbye to browsers, and I say good riddance.
    
  • sudon't | Sun, 17 Mar 2013 18:26:38 UTC

    I have alway felt that security is up to the individual. Otherwise, you're asking essentially dishonest people, (politicians, businesses), to protect you from themselves. 
    But is what I do enough? My router access is https only, and password set. I create a new identity for each site, and never log in with a Google or FB identity, (thank god for Keychain!). I never use my real name online. I use AdBlock, Cookies, Ghostery, JavaScript Blocker extensions, and Privoxy. And of course, I use a Mac. I wish that I could encrypt my email, but everyone else is too lazy to do it.
    Still, I wonder what other holes are left unplugged.
  • qmc | Tue, 12 Mar 2013 02:28:47 UTC

    The rfc1918 problem is not html's fault at all.  The problem stems from everyone having their router on one of about 6 different GPs, because of pnat which can hardly be blamed on html. If everyone had their own networks (v4 or v6) this wouldn't be an issue.  Also, it doesn't protect any users who aren't on rfc1918 space (corps or delegations).  The real issue is the poorly designed embedded webservers which don't require any sort of form token to make changes.
  • jon | Fri, 09 Nov 2012 07:58:57 UTC

    I think I'll stick with using a modest amount of intelligence while browsing the web. Has done the trick the last 15 years. Also, people should not be allowed on the internet without some sort of test. We don't let everyone drive a car too, do we?
  • Eric | Thu, 08 Nov 2012 15:28:17 UTC

    How many of Mr. Grossman's identified vulnerabilities can be solved 
    through the use of browser-side plugins like Ghostery or NoScript? Or are
    the issues so deep in browser design that isolation is the only currently    
    practical solution, e.g the profile-per-site Firefox
    workaround linked to in Matthias' comment?
    
  • John B | Thu, 08 Nov 2012 13:04:50 UTC

    I rather think the presenter is being a wee bit facetious regarding iOS or Android "separating" apps. Both platforms' apps act rather incestuously and are designed intentionally to interoperate at levels invisible to the user, without the user's awareness or consent. 
  • Fred Andrews | Thu, 08 Nov 2012 01:56:53 UTC

    Thank you for the great explanation of the issues.  The W3C Private User Agent Community Group, http://www.w3.org/community/pua/, is exploring some of these issues and has some options that you may be interested in, see:  http://www.w3.org/community/pua/wiki/Draft
    
    cheers
    Fred
  • Karlan | Wed, 07 Nov 2012 23:08:12 UTC

    There are any number of plugins and options within most browsers that are able to address address a number of these issues.
    
    Regardless of the security implications, though, why is the solution to build a more restrictive system to provide safeguards, rather than trying to improve education and awareness about the risks and insecurities that are inherent to the existing system?  The former provides no incentive for critical thought and requires the expenditure of rather significant amounts of effort by the people least likely to be personally effected by these flaws at the cost of elevated restrictions built into the system, whereas the latter provides an incentive for elevated levels of critical thought and increased effort by the people most likely to be effected by these issues at a cost of the continuation of the current systemic state of affairs.
    
    The general public may not like being told that their browsing methods are wrong, but as indicated in the first comment, all of the attack methods identified in the article can be addressed by browsing in an "old-fashioned" manner, without being logged into the browser, visiting only one page at a time, and having the browser clear your cache and cookies at the end of each session. This method need only be pursued for access to sites for which the user wants to ensure a secure browsing session.
    
    Frankly, since IP addresses are available by necessity to web administrators, and IP Address Geo-location is in many cases more accurate than "City/State", going down to the street address level, the ability to unmask most users will still be available to those dedicated and malicious admins, by virtue of pulling the IP Address geo-location, going to that place, and checking through the user's mail, peering in through the user's window, or checking out the contents of the user's car.  This will also reveal, for many users, their banking choices, credit card selections, and shopping tendencies.  The user must take steps to be aware of and safeguard against these physical intrusions, why should digital intrusions require developer-side intervention to solve?
  • Christine | Wed, 07 Nov 2012 22:17:36 UTC

    Err, desktop apps, isn't that what we were doing about 20 years ago, before everyone said we should move to web sites? Does "client-server" ring a bell?
  • Technologist | Wed, 07 Nov 2012 22:01:15 UTC

    I think this comment from user  Nemyst on slashdot says it best:
    
    "Someone would come up with another app that let you search through your other apps. They could call it... a search engine, maybe?
    
    Then we'd rename those apps as "web pages", as they're pages networked together in a giant web.
    
    Then someone else would think of making a single, unified app viewer, which would let you browse through multiple apps in an interlinked fashion. Browser could be a good name for that.
    
    Dude, that sounds so revolutionary. Nobody would've thought of that before."
    
  • chip | Wed, 07 Nov 2012 21:42:00 UTC

    This is some good stuff, and definitely the direction developers/security professionals/etc. need to be thinking
  • EricLaw [Ex-MSFT] | Wed, 07 Nov 2012 17:46:10 UTC

    Windows 8's HTML+JavaScript app model provides much of the isolation proposed here. Additionally, worth noting is that the "Metro-style" Internet Explorer browser enforces the RFC1918 restrictions proposed. See "Private Network Resources" here: http://blogs.msdn.com/b/ieinternals/archive/2012/03/23/understanding-ie10-enhanced-protected-mode-network-security-addons-cookies-metro-desktop.aspx
  • Matthias | Wed, 07 Nov 2012 10:54:56 UTC

    DIY (user-configured) DesktopApps with Firefox, today: use one profile per isolated site.
    http://kb.mozillazine.org/Opening_a_new_instance_of_Firefox_with_another_profile
Leave this field empty

Post a Comment:

(Required)
(Required)
(Required - 4,000 character limit - HTML syntax is not allowed and will be removed)