Domain: bromium.com
Stories and comments across the archive that link to bromium.com.
Comments · 4
-
Business plan
1. Write software to sandbox $APPLICATION
2. Release report exaggerating "increase in vulnerabilities" in $APPLICATION
3. Profit! -
Re:Eh?
Yeah, even reading the PDF (http://www.bromium.com/sites/default/files/bromium-h1-2014-threat_report.pdf/) didn't show any sort of "AAAAAHHHHH!!!! The world is ending!" type of numbers. They show IE decreasing the patch time since 2007. There are charts showing that Zero days are decreasing. The Appendix shows 3 more entries in the National Vulnerability Database. Reporting statistics in percentages without referring to what the percentage is based on is just clickbait.
All software has holes. Larger use base makes for a bigger target. Blah blah blah. These stories aren't going to chance what people use because the common person isn't reading them.
-
Re:Architecturally Insecure
Windows, any version, is architecturally insecure.
Actually every operating system is and anything widely in use will be targeted, as has been demonstrated quite clearly in the past couple of weeks, we have had:
The Windows EMET vulnerability
The Android E-Z-2-Use drive-by vulnerability
The OSX & iOS SSL vulnerability -
Mitigation strategies
TFA is correct that there isn't anything to patch per se. However, it's possible to mitigate the effects of this by using multiple completely isolated browser sessions for different purposes. Your banking VM should always be used for banking, nothing else. Clear cookies and browser history at the end of the session. All that while other VMs should be used for their own specific purposes with their own security configuration.
This is very well implemented in Qubes OS but can also be implemented via regular VMs. The guys at Bromium have also an interesting approach to this issue via microvirtualization using hardware.
Net/net, the important thing is to make sure that whatever the attacker can get, it's irrelevant in the big picture of things.