Google Chrome Extension Steals Login Details

← Back to Stories (view on slashdot.org)

Google Chrome Extension Steals Login Details

Posted by kdawson on Saturday July 10, 2010 @06:34AM from the hey-it-was-sitting-there-in-the-dom dept.

An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users' login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a test-bed because of its reputation as the safest browser. Grech says he does not doubt that Chrome is a safe browser, but the point is that such an extension could be written for any of them. Grech says he has not uploaded his extension to the Google Chrome repository or anywhere else; but he has published enough details to allow others to reproduce the technique easily.

110 of 155 comments (clear)

How is this different by yoyhed · 2010-07-10 06:41 · Score: 5, Insightful

How is this different than just downloading and installing a program? Chrome (and Firefox for that matter) give you a warning about trusting the source before installing an extension. Does it surprise anyone that allowing malicious code to run on their computer can expose their information?

--
WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
1. Re:How is this different by binkzz · 2010-07-10 06:46 · Score: 2, Interesting
  
  You are correct, and this "news" article is hardly shocking or news. But I do agree that plugins have too many permissions.for all sites that you browse, and that security could be a lot tighter.
  
  --
  'For we walk by faith, not by sight.' II Corinthians 5:7
2. Re:How is this different by Anonymous Coward · 2010-07-10 06:57 · Score: 1, Interesting
  
  Some check boxes showing which permissions the plugin wants, and which permissions you will give it, would be nice, easy, and effective at preventing something titled as a "bookmark enhancer" from stealing your passwords
3. Re:How is this different by Jurily · 2010-07-10 07:04 · Score: 1
  
  Does a tight Noscript setup block the attempts of malicious plugins to communicate with malicious sites?
4. Re:How is this different by Tom · 2010-07-10 07:06 · Score: 4, Insightful
  
  Does it surprise anyone
  Yes, anyone who is not a geek.
  Look, to us tech people, these things are obvious. But everyone else out there doesn't have a clue. You have to design the car so that the user doesn't get the idea of looking into the fuel tank with a lighter, or if he does get that idea, that he can't do it. No matter how silly it sounds. This is why our society works, because we can safely use tools without having to be experts in them.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
5. Re:How is this different by Anonymous Coward · 2010-07-10 07:25 · Score: 1, Interesting
  
  Definitely not. Noscript only prevents scripts running on web pages.
6. Re:How is this different by rumith · 2010-07-10 07:28 · Score: 1
  
  Yes, but this crap is reported on Slashdot, which is advertised to deliver news for nerds, not plumbers! Hell, this guy didn't even try to upload his exploit to the official extension repository because, as he claims, he "didn't want to exploit the vulnerability and harm end users".
  Remember when Google pulled a vulnerability exploit proof of concept app from the Android Market, and purged it from end-user phones? That was a security research project. And this is just an A-grade crap.
7. Re:How is this different by yoyhed · 2010-07-10 07:28 · Score: 1
  
  What I meant by "does it surprise anyone" is "this is sensationalist BS to the Slashdot crowd". You're correct, but you're also missing my point - that this is about the same as downloading and installing any program, as far as the actions a user has to take to do so.
  
  Clueless people can go install LimeWire just as easily as they can install a bad extension for Chrome. Hell, look at how easy it is to download and install something from IE - try the installer at http://www.google.com/chrome in IE8. It's a single click to get the installer running, and subsequently downloading and installing Chrome on its own. Chrome actually has as much security/warning for an extension as IE8 has for any software download coded like Google's installer!
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
8. Re:How is this different by hitmark · 2010-07-10 07:30 · Score: 1
  
  sad thing is, most non-geeks will not read this unless it happens to land on some front page in scare-types.
  and even then they will likely not see the simple solution (be smarter when you browse) and instead hit the government "protect me!" button over and over like a caffeinated squirrel.
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
9. Re:How is this different by yeshuawatso · 2010-07-10 07:32 · Score: 1
  
  You have to design the car so that the user doesn't get the idea of looking into the fuel tank with a lighter
  Or, you could educate the user that fire and gasoline don't mix. They don't need to know the chemical reaction side of it, but simply informing them that these two things don't mix shouldn't be too difficult. (I know you were being extreme to prove a point, so was I).
  I find it ridiculous to continually dumb down products. To me, this seems like it will cause a slippery slope to stupidity. What happens if we dumb down the products to the point where people don't know how to create them anymore, or the knowledge is only in the hands of the far and few? I resist the notion that learning should be back-seated for short-term profits. In the long run, people will become too stupid to buy those products and we're stuck with even dumber products.
  Case in point, I know what a chainsaw is; I know what it does. I also know that a chainsaw is a dangerous tool. Because of the danger, the risk involved, and my lack of knowledge on proper use, I'm not going to buy a chainsaw, crank it up, and yell timber because the manufacture replaced the pull cord with a button. I will hire someone who knows HOW to use the tool, and to teach me HOW to use the tool before I venture on my own.
  Dumbing down products isn't the answer, proper education is the answer, and there's a difference between making things easier, and making them idiot proof.
10. Re:How is this different by snl2587 · 2010-07-10 07:45 · Score: 1
  
  I find it ridiculous to continually dumb down products. To me, this seems like it will cause a slippery slope to stupidity. What happens if we dumb down the products to the point where people don't know how to create them anymore, or the knowledge is only in the hands of the far and few? I resist the notion that learning should be back-seated for short-term profits. In the long run, people will become too stupid to buy those products and we're stuck with even dumber products.
  Funny thing: how many people do you know in regular society that can put together a lightbulb? How about a microwave? What about the latest iPhone?
11. Re:How is this different by n0-0p · 2010-07-10 08:17 · Score: 4, Informative
  
  NoScript does nothing whatsoever to restrict extensions or plugins. Nor would it even possible for it to do so without a major redesign of Firefox's extension system including the introduction of a security model with trust levels.
12. Re:How is this different by n0-0p · 2010-07-10 08:18 · Score: 4, Informative
  
  Chrome already lists the permissions an extension requests at installation. The UI on that interaction is junk, so you need to be a fairly knowledgeable user to make heads or tails of it, but the information is definitely there.
13. Re:How is this different by Tom · 2010-07-10 08:23 · Score: 1
  
  Or, you could educate the user that fire and gasoline don't mix.
  Yes, and to only walk on green, and to install antivirus, and to have safe sex, insurance, not go into certain parts of town, keep the car in working condition, verify their patch level is current, check all money for forgery is easy as well, and two million other things.
  There is only so much that a human brain can actually act on. Storage is not the problem, recall is. Sometimes, the right decision is to educate people, but it is not a panacea. If it is easier to simply design in a safety than to educate everyone and keep them educated, then building in the safety is the proper thing to do.
  Also, often these things go hand in hand. I still don't understand why current operating systems don't indicate the priviledge level an application is running at by, say, a coloured border. You'd still need to educate people on what it means, but a fairly simple safety gives them a lot more options than the stupid "well, you could open a console and run ps" geek solution.
  
  What happens if we dumb down the products to the point where people don't know how to create them anymore, or the knowledge is only in the hands of the far and few?
  That's a philosophy that has never worked in all of human history. Sorry to say that. We always start out with new technology that only a few understand, be it fire, mathematics, science, cars or computers. At first, you need to be an expert just to use it. But then the rest of humanity wants a piece of the cake, too. That's when we "dumb down" the technology. Actually, it is not dumb at all, it is making it useable. I've written Linux kernel modules, and still I enjoy a good user interface design, because it makes my work easier, and more often than not I use the computer to actually accomplish something, not to mess with its interiors.
  I don't see a dictatorship anywhere just because we have put fire into light bulbs instead of torches, and give people lighters instead of teaching them how to use flintstone.
  Really, if you want to tinker with something, why not flat out say that you enjoy the tinkering? Why try to make it political?
  
  --
  Assorted stuff I do sometimes: Lemuria.org
14. Re:How is this different by yoyhed · 2010-07-10 08:36 · Score: 2, Interesting
  
  I agree with your sentiments. However, note that in IE it does NOT warn you at all - that's not good. There should be one warning.
  
  However, that's beside my point. I was just demonstrating that Chrome has plenty of warning for installing an extension, and that people should not get their panties in a bunch because *gasp* users ignoring a warning about downloading and installing software from third parties can lead to malicious code execution.
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
15. Re:How is this different by Spyware23 · 2010-07-10 08:43 · Score: 1
  
  Does it surprise anyone
  Yes, anyone who is not a geek.
  Look, to us tech people, these things are obvious.
  Please, most people (>90%) posting on Slashdot are perfectly ignorant of how security works. Don't toot your/our horn too much.
16. Re:How is this different by Anonymous Coward · 2010-07-10 08:45 · Score: 1, Interesting
  
  Funny you should mention NoScript, since that's a plugin that's already been involved in its own scandal. Not as bad as stealing login information but still a breach of the users' trust.
17. Re:How is this different by yoyhed · 2010-07-10 08:51 · Score: 1
  
  The problem with ActiveX was not the possibilities for malicious software, it was that it executed without warning until what, IE6 SP2? Even then there were ways around it if I remember correctly.
  
  Chrome gives you a clear warning for installing extensions. Chrome also runs each process in its own sandbox, unlike the security nightmare that was IE back in the ActiveX glory days.
  
  And of course I'm biased toward clearly better software (in this case, Chrome vs. IE).
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
18. Re:How is this different by yoyhed · 2010-07-10 09:12 · Score: 1
  
  I could have sworn that it behaves the same on a brand-new install of Windows 7 (and Chrome is usually the very first thing I install). However, I'm too lazy to test it on a VM so you may be right.
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
19. Re:How is this different by Anonymous Coward · 2010-07-10 10:03 · Score: 2, Funny
  
  NoScript does nothing whatsoever to restrict extensions or plugins.
  *gasp* HERETIC!!! This is SLASHDOT, unbeliever! The almighty NoScript and its blessed son FlashBlock are the infallible answers to every single problem you have ever had or will ever have. REPENT! REPEEEEEEENT!!!
20. Re:How is this different by Yvanhoe · 2010-07-10 10:08 · Score: 1
  
  Because, obviously, the average user who apparently is not able to read a warning on his computer screen is likely to go look for information on security blogs...
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
21. Re:How is this different by nacturation · 2010-07-10 10:25 · Score: 4, Funny
  
  Maybe what the browsers need is some sort of vetted App Store for extensions, where all submissions are reviewed by a central authority and approved or rejected?
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
22. Re:How is this different by yoyhed · 2010-07-10 10:28 · Score: 1
  
  Good call. I should have thought of that. I suppose I remembered it as one click because I mindlessly click through stuff like that when I know what I'm doing.
  
  My argument stands - Chrome gives you a warning for extension installation, so there's nothing to see here; unless it's suddenly news that installing third-party software and ignoring warnings about the possible consequences can lead to theft of information.
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
23. Re:How is this different by Anonymous Coward · 2010-07-10 11:09 · Score: 1, Insightful
  
  Like addons.mozilla.org?
24. Re:How is this different by yeshuawatso · 2010-07-10 11:19 · Score: 1
  
  I'm not trying to make this political, I'm just expressing my opinion (the only one I can give [yes, opinions are like...]).
  But to answer some of your questions:
  
  I still don't understand why current operating systems don't indicate the priviledge level an application is running at by, say, a coloured border. You'd still need to educate people on what it means, but a fairly simple safety gives them a lot more options than the stupid "well, you could open a console and run ps" geek solution.
  This isn't dumbing the OS down, it's creating a different translations/interpretation. However, making all applications run at a root or guest level because informing the user about permissions is too difficult is dumbing down the software. This is one of the best features about Linux. If you're going into root, then you most likely know what you're doing. Otherwise, you stay at the user level and sudo your way down if needed. MS got this wrong until Windows 7. XP Home gave anyone admin run rights and Vista didn't give any.
  
  I've written Linux kernel modules, and still I enjoy a good user interface design, because it makes my work easier, and more often than not I use the computer to actually accomplish something, not to mess with its interiors.
  But this isn't dumbing the tech down, as you're probably still doing the same action, just in a different way. I can type up a business plan in VI all day long, or I can use a word processor with a more usable GUI to work faster. But I understand why I'm using the WP vs VI. The problem with our society today is we're dumbing our tech to match the ever lowering intellect. This isn't so much a problem in other parts of the world as it is here in the US.
  I'm not talking about safety here, I'm talking about reducing our technology down to the point where the stupid are able to use it-- ONLY for the sake of profit. The motor vehicle is a marvelous technological breakthrough that reduced the time it took one to travel from one point to the other. However, it's also a moving death trap in the hands of the uneducated. Because it's so dangerous, every State in the US has a law that requires you to take an exam to ensure, to some degree, that you understand not only the rules of the road, but also how to operate the moving death box; only to reduce the chances of harming yourself and others. However, when we make the cars so that idiots receive less and less harm when in an accident, we have more and more wrecks. It's one of the reasons I admire roundabouts and traffic circles. Instead of providing traffic signals that people try to race with, ignoring the signs of a roundabout can be pretty unhealthy.
  Now, don't equate that we need the government's blessing to use a browser and the internet, but I don't think we should shield the stupid who refuse to read the warning signs. I say keep doing what we're doing and at least keep a lot of /.'s with steady employment fixing Windows. Educate the ignorant, don't protect them.
25. Re:How is this different by yeshuawatso · 2010-07-10 11:34 · Score: 1
  
  Yeah, I should have been more clearer. I didn't mean that the society today can put together their tech and the future won't, but those putting the tech together will be forced to merge into the ignorance because we're making the tech easier for them to create/put together instead of teaching them the long way before the shortcut. Example: A JavaScript programmer gets so used to using jQuery or Prototype that they forget how to do the same task when they don't have access to those libraries. I've seen the same thing happen to high school students who are allowed to use calculators so much they forget how to do the math by hand and head. Realistically, this will probably never happen, but in the event that it does occur, our society might be in trouble if the brawns rid the brains.
26. Re:How is this different by helix2301 · 2010-07-10 12:25 · Score: 1
  
  I agree this is not breaking news. We know malicious software can steal your information for any geek this is not anything new.
  
  --
  http://www.thetechnologygeek.org
27. Re:How is this different by scamper_22 · 2010-07-10 12:49 · Score: 3, Informative
  
  We, developers take it as a given that programs (and thus extensions) should be able to do anything. Arbitrary code if you will.
  If you actually think about it, it's a little nuts. You download an application, and it could reformat your harddrive.
  Truth be told, even we programmers simply rely on 'trust' that the various programs and extensions aren't doing anything evil.
  I don't go through every line of source code. I trust the developers. I trust a popular program. But it really is just that... trust.
  Now the OS does prevent somethings to enhance trust. There are file permissions for example.
  Other web technologies have other security. Silverlight for example can open local files... but the user has to manually select it via the windows file dialog. You can't program in a file location.
  They were smart enough to not just take the Active X approach were 'just because you visit this website and run the application, it can do anything'. They build limitations into the environment.
  So what safeguards does a browser provide?
  Well, password information is crucial. Quite frankly, any application that even attempts to access a password field should be blocked... unless the user explicitly understand this. And I don't mean some generic warning message that applies to every extensions.
  And so the point is... extension are no different than downloading and installing a regular program... but they bloody well should be!
28. Re:How is this different by BigDXLT · 2010-07-10 14:18 · Score: 1
  
  The news has to be dispersed somewhere. It's a reminder that we can't just dump alternate browsers on our friends and expect them to stay 100% secure. I'm not saying it's worse than IE, but if some people are gullible enough to download that virus program, they're sucker enough to download malicious plugins too.
29. Re:How is this different by Tom · 2010-07-10 14:20 · Score: 1
  
  The problem with our society today is we're dumbing our tech to match the ever lowering intellect. This isn't so much a problem in other parts of the world as it is here in the US.
  Ok, putting "don't dry hamsters in microwave oven" signs on every microwave is probably excessive. Then again, with a bit more of technology you could probably detect that there's a living being inside the oven and not turn it on. What is dumbing down, the sign or the automatic detection? I'm not arguing for the sign.
  
  Now, don't equate that we need the government's blessing to use a browser and the internet, but I don't think we should shield the stupid who refuse to read the warning signs.
  Why not? The example with the cars is only valid because it's a potentially deadly weapon to others. If you want to kill yourself because you didn't bother reading the instructions, by all means be my guest. It's endangering others where society gets interested, and governments become active.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
30. Re:How is this different by Runaway1956 · 2010-07-10 17:18 · Score: 1
  
  I might argue that you have cited the reason our society is most likely to fail. We protect morons from themselves, so that they can survive to breed. Society is selectively breeding more and more morons with each generation.
  If the idiot wants to peer down his fuel tube with a match, LET HIM DO IT!! Don't stand in his way. Hell, let's facilitate the operation - move the gas tank into the trunk, and put a trap door on top of the tank, and put a box of matches right beside the trap door.
  The gene pool really needs to be filtered.
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
31. Re:How is this different by TheLink · 2010-07-10 22:37 · Score: 1
  
  If you're paranoid, run multiple browsers using different accounts (under a main user).
  
  For example, you login as mainuser. Browser1 runs as wwwbrowser1, browser2 runs as wwwbrowser2.
  
  You do your banking stuff with browser1 which has zero or only extensions you are sure you can trust. You do your normal browsing with browser 2.
  
  You configure browser 2 to have a different skin (browser 1 has default skin), so that you can more easily tell the difference.
  
  This way if browser 2 is pwned. It is lesss likely to have access to browser 1's stuff, or mainuser's stuff.
  
  If browser 1 is pwned, despite you only using it for bank stuff, it's probably your bank's fault.
  
  Not sure you can do this easily with Google Chrome. I had difficulty running google chrome as a different user on Windows. I can do it with Firefox and IE. You can control which users show up on the login screen with TweakUI.
  --
  
  Too many replies beneath your current threshold
32. Re:How is this different by romania · 2010-07-10 23:36 · Score: 1, Insightful
  
  Firefox won't do a thing that is mildly original. They took the code base of some other browser, said they are going to make it smaller only to bring it to the same size the next version. Same goes for the features. Most OSS software goes the same way, the way of "hey, have you noticed that on that system they have this? cool, let's try to mimic it". So it's up to Safari, Chrome or Opera to implement something like this and Firefox will proudly label that as work in progress for the next major release.
  
  --
  http://www.accountkiller.com/removal-requested
33. Re:How is this different by n0-0p · 2010-07-11 03:25 · Score: 1
  
  I think you may have intended to reply to someone else. I was simply answering a question on NoScript's capabilities.
  Also I'm quite familiar with running multiple profiles; my job would actually be impossible without it. In Chrome you simply pass the --user-data-dir switch. I don't see how that's any worse than running Firefox with the -P and -no-remote switches (or the old way requiring env vars). I am curious how you run IE under a separate profile without using a different Windows accounts. I didn't think that was possible, and instead use runas to get an alternate profile in IE.
34. Re:How is this different by Anonymous Coward · 2010-07-11 04:04 · Score: 1, Insightful
  
  Funny story, that's the Safari 5's extension store concept.
35. Re:How is this different by yoyhed · 2010-07-11 04:51 · Score: 1
  
  if some people are gullible enough to download that virus program, they're sucker enough to download malicious plugins too
  And that's not the browser's fault in any way. You can't stop idiotic users from downloading malicious shit unless you stop them from downloading ANY program or plugin. They'll ignore every warning they see because they don't feel like reading.
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
36. Re:How is this different by yoyhed · 2010-07-11 04:55 · Score: 1
  
  If the whole ActiveX fiasco taught us anything, its that users will click on anything if they thing that on the other side of the dialog box is something they want.
  Exactly - and this is why Chrome's not at fault for this whole extension thing, and why it's not even a problem. They give a warning, and ignorant people will ignore it.
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
37. Re:How is this different by yoyhed · 2010-07-11 05:04 · Score: 1
  
  That's a good point. AFAIK, Chrome does have some sort of listing of what permissions the extension is requesting at installation - however, it should probably have an extra warning for password stuff.
  
  Ignorant people will probably skim over the initial warning because they see a bunch of stuff they don't understand (or more commonly because they DON'T EVEN BOTHER TRYING TO READ IT) - so the password warning would have to be as blunt as possible.
  
  I can't believe how many people just don't even bother reading dialog boxes before calling me. The answer is right there, the program is telling them, and they won't read it because they assume they won't understand.
  
  --
  WHO NEEDS SHIFT WHEN YOU HAVE CAPSLOCK/ DAMN1
38. Re:How is this different by TheLink · 2010-07-11 06:47 · Score: 1
  
  You did mention "introduction of a security model with trust levels".
  And I don't think it's going to be easy to do right while allowing many types of extensions - after all if there can be extensions that help manage passwords, it'll be possible to have extensions that can abuse them.
  So IMO it is better to just run different browser instances as different user accounts as I suggested.
  Running browser instances as the same user but different data directories does not protect you as much. Because if the browser is taken over, anything the user account can do, the "pwned" browser can do.
  Google Chrome and "run as" doesn't work so well: http://code.google.com/p/chromium/issues/detail?id=31387
  --
  
  Too many replies beneath your current threshold
39. Re:How is this different by n0-0p · 2010-07-11 15:21 · Score: 1
  
  You're conflating a few different things. There's origin security and there's local client security. Origin security is what protects you from one site accessing browser data from another site. Any discussion of extension permissions would apply primarily to origin security, because once you install anything with local client access you've already lost control. And when considering origin security, separate profiles within the same OS-level user account provide one method of strict enforcement.
  Now, if your concern is client level security against exploits (not malicious extensions or plugins), then you're far better off relying on the Chrome sandbox over a separate user account. The sandbox provides vastly lower privilege and much smaller attack surface than a normal user token, and OS-level privilege escalation vulnerabilities are far more common than sandbox bypasses. You can certainly use your approach in conjunction with the --no-sandbox option in Chrome, which should allow Chrome to work with runas. However, you'd be downgrading your security with that approach.
  The important thing to consider, however, is that no user should be expected to invest their own effort in a multiple profile solution. So, until someone creates something like the Chrome sandbox but with per-process origin isolation, there won't really be a general purpose solution providing a superior form of origin based security.
40. Re:How is this different by Tom · 2010-07-11 17:51 · Score: 1
  
  We protect morons from themselves, so that they can survive to breed.
  That is true, and it irks me to no end. However, the real problem is not selection - most of the moronic things are not deadly. The real problem is that we encourage stupidity.
  Just look at the idols of the day. Most of them are either dumb as shit, or at least pretend to be (I'm looking at you, Paris). Dumb is "cool". The whole football/soccer world cup has been a great example - otherwise smart people use it as an opportunity to become total idiot assholes for an evening, or several.
  Selection does not only work by killing people off. It also works by encouraging positive traits. And in mental abilities, encouraging works better since they are at least partially (how much is still in debate) a matter of upbringing and training and not genetic.
  The second problem is that the dumbfucks breed like rabbits, while the smart people get fewer kids, later in life. So what little selection you have is getting outpaced.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
41. Re:How is this different by TheLink · 2010-07-12 02:00 · Score: 1
  
  Conflating or not, I prefer a more role/task based concept.
  That way I can use one browser for lower security level stuff (whether visiting sites, or having more fancy plugins), and not have it affect my other browser which I use for higher security level stuff.
  And I can do this without having to buy multiple computers.
  If the browsers support sandboxing that's great. But whether they do or not does not affect my approach. I'd still be using multiple browsers, because it is just better "hygiene", and a more secure way of doing things. If say your banking site has weaknesses, it's harder for others to exploit that+you if you only use one browser for banking and only banking and it's not your default browser.
  In contrast if you use the same browser for everything, your risk goes up - you might type in the wrong password to the wrong site; there might be a flaw in your banking site, and some ad banner could cause you to load the "wrong link".
  If it is possible to run multiple distinct and separate instances of Chrome and keep sandboxing enabled AND the sandboxing applies to all externally exposed stuff (plugins etc), then I'd be happy to use it. Otherwise it would not be as secure.
  Lastly from: http://www.chromium.org/developers/design-documents/sandbox
  "Under Windows, there is no practical way to prevent code in the sandbox from calling a system service."
  --
  
  Too many replies beneath your current threshold
OK... by The+MAZZTer · 2010-07-10 06:42 · Score: 4, Insightful

He's just doing basic stuff here with that extension. When you try to install any extension Chrome throws up a warning that the extension can access your personal data on whatever sites the extension author has requested access to in the manifest.json file. Ignore that warning at your own peril, especially if it doesn't match with what the extension description says it should do.
Lots of extensions inject content scripts. Lots of extensions do random AJAX calls to random sites that the user doesn't have open in a tab. That he put the two together to steal data is hardly revolutionary.
The only problem I see is that if the author specifies enough websites in their extension permissions, Chrome truncates them to "multiple sites" which is a bit ambiguous.
1. Re:OK... by DMUTPeregrine · 2010-07-10 20:53 · Score: 1
  
  You have made the fatal mistake of assuming that users read warnings and dialogue boxes. They don't.
  
  --
  Not a sentence!
Standard abuse of trust. Is this /. worthy? by Anonymous Coward · 2010-07-10 06:46 · Score: 2, Insightful

Guy learns to program, abuses trust of software users. Film at 11?
In other news ... by gdshaw · 2010-07-10 06:50 · Score: 4, Funny

... a proof-of-concept Google Chrome browser extension that steal users' login details.
That's nothing. Wait till you see my research on what's possible when you get the user to install a malicious kernel module ...
1. Re:In other news ... by Nemilar · 2010-07-10 07:03 · Score: 1
  
  I get your point (that a kernel module, being low-level, gives you greater access), but I think a malicious browser extension is worse.
  * It's a lot less likely that a user will install a malicious kernel module, as compared to a browser plugin.
  * It's a lot easier for someone with bad intentions, a few hours, and a little coding experience to write a browser plugin, than it is for them to write a kernel module.
  * It's much easier to distribute a plugin, and the install base is much greater.
  * The signal/noise ratio of data you would want to steal is much more attractive for a browser plugin, than it would be inside the kernel.
  
  --
  Nemilar http://www.techthrob.com - Visit Me!
2. Re:In other news ... by hitmark · 2010-07-10 07:35 · Score: 1
  
  and this is why i dont worry much about rootkits for home computers, as even access to just the users account will likely expose a whole lot of valuable data to whoever wants it. so if one want more security the valuable data should be accessed by way of an account that only do so, and have no real contact with the everyday user activity.
  heck, was there not talk about a livecd specifically for banking?
  
  --
  comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
3. Re:In other news ... by gdshaw · 2010-07-10 07:55 · Score: 1
  
  You're reading too much into my subtle sarcasm: I was merely suggesting that this is a highly unsurprising result. All that has been discovered here is a special case of the rule that your security is at risk if you download and execute malicious code.
4. Re:In other news ... by hilather · 2010-07-10 08:10 · Score: 1
  
  ... a proof-of-concept Google Chrome browser extension that steal users' login details.
  That's nothing. Wait till you see my research on what's possible when you get the user to install a malicious kernel module ...
  I can't wait to see how long the instructions for installing your kernel module will be. Remember you have to /trick/ a regular user.
5. Re:In other news ... by gdshaw · 2010-07-10 09:05 · Score: 1
  
  OK, let me explain. The kernel module was what's known as a 'rhetorical device' intended to illustrate a point. The point was that writing a program do commit a dastardly deed, then executing it in a context where it has permission to commit that dastardly deed, is (a) not news, and (b) not even a security violation.
Super secret security advice... by christoofar · 2010-07-10 06:50 · Score: 1

Is this different than someone deciding to run a bash script that wipes their hard drive, as root?
So you can install an extension that's bad. Like you can open an e-mail attachment that's bad. Like you can open a programmable document that has a bad macro.
Seriously, where's the security concern? Don't install crap extensions and you won't have your passwords stolen through crap extensions. Easy enough?
Sandbox? by drolli · 2010-07-10 06:53 · Score: 1

how about a sandbox? How about stealing some Ideas from java? I think one can introduce a "Wants to read password" exception" or a "wants to transfer data outside" exception. And at least firefox points out to me that installing extensions requires thrusting the author
1. Re:Sandbox? by christoofar · 2010-07-10 06:56 · Score: 4, Funny
  
  I think you might also risk catching something if you're *thrusting* the author.
2. Re:Sandbox? by symes · 2010-07-10 07:02 · Score: 1
  
  For your average user, sometimes it is enough for a piece of software to come with a note saying that installing this app is absolutely essential. So the question is, do we harden the browser or do we harden the user? The latter is impossible, and thinking otherwise is potentially negligent. Seriously, people have tried suing burger chains because they got fat on burgers and chips. People have tried suing bar owners because they drank too much and crashed their car. The depths of stupidity know no limits. So the only realistic solution is some kind of sandbox. That or some sort of virtual eugenics programme where you have to pass tests in order to get online.
3. Re:Sandbox? by selven · 2010-07-10 07:18 · Score: 1
  
  The Chrome extensions system has the concept of permissions, where an extension must list the special permissions it needs in its manifest.json file. If the extension requires special permissions, the user is warned. If the extension tries to do something requiring permissions without asking for them, it fails. One comment in TFA says that the proof of concept extension given does require permissions. If that's true, then this is a nonstory, since it would be just as hard to get in by convincing the user to download an extension as it is to get in by convincing the user to download a program.
4. Re:Sandbox? by icepick72 · 2010-07-10 07:38 · Score: 1
  
  Whooaaa buddy! ... you can imagine thrusting the author in a sandbox all you want but let's keep this discussion clean.
5. Re:Sandbox? by n0-0p · 2010-07-10 08:30 · Score: 1
  
  It's just sad that you find it perfectly acceptable to comment like this on an application you obviously know absolutely nothing about. Chrome actually does run extensions in a sandbox. It also warns on installation of an extension, and explains what permissions that extension requires. If an extensions attempts something require a privilege that wasn't in its installation manifest the operation fails. As I said in another comment, the UI has issues and could certainly be improved, but the fact is that Chrome currently does everything you just implied it fails at.
6. Re:Sandbox? by drolli · 2010-07-10 16:21 · Score: 1
  
  I may point out that the style of the article implied it fails at this.
7. Re:Sandbox? by drolli · 2010-07-10 16:29 · Score: 1
  
  Yes, i think its an nonstory.
  However:
  Me (to secretary): I can access the webpage without getting a warning about the certificate
  Secretary: I cant access it without problems
  I (sitting besides her) see that she takes 0.1 sec to click the warning away: Ahem, you just got the warning!
  Secretary: yes, its always there.
  (And this was an company-internal application where the fix was to download the certificate exactly from the same untrusted website - that educates the users well)
  Maybe the permission for "reads password data" should not exist.
8. Re:Sandbox? by n0-0p · 2010-07-11 03:47 · Score: 1
  
  There isn't anything like "reads password data," nor could there be without drastic changes to the DOM standard and how JavaScript is implemented in modern browsers. The way the system works is that the installation manifest states what origins a content script will run in. And any script executing within an origin has access to all that origin's data. This is conveyed to the user with a message like "this extension can access data from site X.com" or "this extension can access data from all sites."
  If you have a proposal for something better, then please share it. But the Chrome extension security model was well researched. And it was apparently considered good enough that Apple and Mozilla are creating similar models with Safari and JetPack.
9. Re:Sandbox? by drolli · 2010-07-11 04:24 · Score: 1
  
  Did you read the document you cite? Its says: "We focus on benign-but-buggy extensions"; this seems to not the case here.
10. Re:Sandbox? by n0-0p · 2010-07-11 14:58 · Score: 1
  
  Not only have I read the paper, I've worked with a few of the authors on this subject matter. And that's why I know that it's essentially impossible to provide a useful extension API that is not also vulnerable to intentional abuse. Claiming the opposite is akin to claiming you've refuted Gödel's first incompleteness theorem. And if you've succeeded at either, I'd like to see the evidence. (Just a heads-up, you're starting to line up a pretty tall list of things you'll need to accomplish to support your arguments here.)
11. Re:Sandbox? by drolli · 2010-07-12 05:11 · Score: 1
  
  Before i claim the opposite, i would like to see your mathematical proof that a "useful" API can not protect against intentional abuse. (Citation?)
12. Re:Sandbox? by n0-0p · 2010-07-12 17:57 · Score: 1
  
  You have this backwards. I can point to every major browser, along with research directly addressing the topic. Whereas you haven't provided one iota of evidence to back up your misguided and ignorant statements.
  Since it's obvious you have nothing of value to contribute, I'm just going to close this out with a suggestion. When confronted with a topic you obviously know nothing about, please resist the temptation to make noise just so people will notice you. It just wastes everyone's time and prevents you from actually learning anything.
"For now.,," by John+Hasler · 2010-07-10 07:04 · Score: 4, Insightful

> For now, only install plugins from people you know and trust...
Um, "for now"?

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
1. Re:"For now.,," by AnonymousClown · 2010-07-10 07:48 · Score: 1
  
  Well, "for now" there is not much possibilities aside from that. But in a "hopefully" near future, we'll get some easy to use and easy to set-up security for thingslike extensions and plugins, so we'll be able to ignore the "people you know and trust" part. Except for, you know, unexpected flaws in said security.
  How? If you're going to use, let's say, a password and userid manager, you pretty much have to accept that the plugin is going to be storing and accessing that shit. Unless Google develops an API that acts as a secure black box - developer uses an API for passwords and UIDs and any other private type of information so that he has no access, a user will have to accept some loss of security for convenience. Then there's the issue of auditing the plugins for compliance.
  
  --
  RIP America
  July 4, 1776 - September 11, 2001
Re:UGH! When are you going to learn?? by countertrolling · 2010-07-10 07:10 · Score: 2, Interesting

They ARE censoring their search results. And they are doing that everywhere, not just China. What makes you think they aren't? Because they say so? Please... stop

--
For justice, we must go to Don Corleone
Erm, news? by thePowerOfGrayskull · 2010-07-10 07:14 · Score: 3, Insightful

So, he created a plugin that let him do what the plugin architecture is designed to allow him to do? I'm not sure how this is newsworthy...
1. Re:Erm, news? by Jahava · 2010-07-10 15:36 · Score: 1
  
  So, he created a plugin that let him do what the plugin architecture is designed to allow him to do? I'm not sure how this is newsworthy...
  Yeah, combined with the Android rootkit it seems like Google has no concept of security.
  These "security researchers" need to understand that there is neither respect nor prestige creating software that asks permissions to do something and then does it. They are merely pointing at various faces of a larger system flaw: that people who don't understand computers will not understand what any type of software can do to their computers. There really is no "best case" solution for this problem. Either choose a vendor who will lock you into their idea of secure, or go for an open market and be smart about it.
  Other Slashdot threads are pointing out that people don't understand their browsers / phones / etc. can get viruses from third-party code. If it hasn't been drilled into people that anything you do on your computer can be a virus, and that they should only do things at respectful places, there's no saving them.
2. Re:Erm, news? by thePowerOfGrayskull · 2010-07-11 16:57 · Score: 1
  
  They are merely pointing at various faces of a larger system flaw: that people who don't understand computers will not understand what any type of software can do to their computers.
  
  That's an excellent point, and one that most people miss. No matter how much security you lather onto a system (infrastructure and AV) or how difficult you make it to do mundane tasks (I'm looking at YOU uac and gksudo), it's fatally flawed if it has to be used by a person.
Re:UGH! When are you going to learn?? by insertwackynamehere · 2010-07-10 07:27 · Score: 1

[citation needed]
I really hate to do this but unless you can back that up, then please...stop
Re:UGH! When are you going to learn?? by countertrolling · 2010-07-10 07:30 · Score: 1

*sigh*

--
For justice, we must go to Don Corleone
You mean my computer is a general purpose machine? by calmofthestorm · 2010-07-10 07:33 · Score: 1

capable of running whatever code I instruct it to? Waah, I want big government/big business to protect me!
Seriously though, this isn't news. Extensions are intended to be general purpose, and in order to be powerful enough to do what you want, some risks are taken. I suppose you could take a partial sandboxing approach such as BitFrost or that taken in Android to warn users of what permissions are being requested (and mitigate the effect of expoits), but there's a tradeoff between functionality and safety.

--
93rd rule of Slashdot: No matter how obvious my sarcasm is, my comment will be taken seriously by someone.
We're #4! by AnonymousClown · 2010-07-10 07:42 · Score: 1

Take that Europe and your wimpy less than 10! Hah! We're so much better than you!
USA! USA! USA! USA!
Uh, wait a minute.

--
RIP America
July 4, 1776 - September 11, 2001
1. Re:We're #4! by RoFLKOPTr · 2010-07-10 07:50 · Score: 1
  
  That's not less than 10 in all of Europe. That's less than 10 for every one of those European countries listed (and 59 for the UK, and 188 for Germany, and 57 for Italy, and 32 for Spain... totalling much more than 123 for the United States for a lot fewer citizens than the United States). How is this at all relevant, anyway?
2. Re:We're #4! by countertrolling · 2010-07-10 08:09 · Score: 1
  
  Guess you didn't notice the red question mark over China. That's what we call censorship at their "request".. Relevant now? And it all goes back to my original premise that Google cannot be trusted with anybody's privacy, unless you happen to have the power of the state backing you up.
  
  --
  For justice, we must go to Don Corleone
3. Re:We're #4! by RoFLKOPTr · 2010-07-10 11:58 · Score: 1
  
  Relevant now?
  Not really. Google isn't telling you what information they're distributing... only that they're distributing information. You know they're distributing information to China just like they're distributing information to every other country Google has operations in. Google knows that you know this, and Google knows that anybody with any sense in their head won't need the exact number to know that Google is doing this (and that's why they make the question mark red and noticeable... if they wanted to hide it, they'd probably use a fake number or something). Hiding the exact number of Chinese government requests is a fairly small price to pay for an incredibly large slice of the Chinese money pie.
  And yes, Google is a corporation, and a corporation's primary objective is to make money. It would be incredibly foolish to do something that would make China kick Google out... especially if that thing is simply posting a little number that nobody actually cares about for the sake of making some nerds on Slashdot happy.
4. Re:We're #4! by countertrolling · 2010-07-10 12:24 · Score: 1
  
  The question mark is there to show us they acceding to China's wish that they not reveal "state secrets". They have stated as much. I never said they're trying to hide it. All I'm saying is that they are untrustworthy for the user, and their software is suspicious. They filter (and possibly misdirect) what you're searching for, and they try to track your every move. It's easy to block, but they are making the effort. And the fanboi-ism is also as extreme as with Apple. I hope that somebody with the resources is performing an in depth investigation.
  
  --
  For justice, we must go to Don Corleone
5. Re:We're #4! by RoFLKOPTr · 2010-07-10 17:15 · Score: 1
  
  They filter (and possibly misdirect) what you're searching for, and they try to track your every move.
  They filter results for people in China. The only thing they filter in the US is links to child pornography. Nothing else. Yes, they track your every move. Every search engine and Internet advertising firm does that. They don't do it so they can do bad things to you, they just do it so they can make more money from advertising. I still don't understand what point you're trying to make.
What is this browser safety you speak of? by nickdwaters · 2010-07-10 07:51 · Score: 2, Insightful

Security is only as effective as the experience and intelligence and of the user. You can't fix stupid. - Ron White
FF before version 2 by roman_mir · 2010-07-10 08:06 · Score: 1

I wrote an extension to FF long ago that was reading any form field at all, including password fields and was able to send this information to any address on the web via an http call. Starting from FF version 2 the method I used to read the form field (basically enumerating the form input fields with javascript) could no longer read the password field from a form.

--
You can't handle the truth.
1. Re:FF before version 2 by roman_mir · 2010-07-11 20:17 · Score: 1
  
  Intercepting POST on an encrypted page needs to be tested, but replacing an input element is easy, it will also need to replace characters with **** asterisks and then on a post it'll have to replace the input back with a password field with the actual password in it.
  FF does not need to modify API to protect against this, it needs to provide a way to protect specific pages from extensions modifying them, something like a 'locked page' that cannot be modified by any extensions. Any password page needs to be locked though.
  
  --
  You can't handle the truth.
Re:UGH! When are you going to learn?? by countertrolling · 2010-07-10 08:12 · Score: 1

Troll??? HAHAHAHA!
Fanbois to the rescue...

--
For justice, we must go to Don Corleone
In other news ... by GNUALMAFUERTE · 2010-07-10 08:25 · Score: 3, Insightful

Executing arbitrary code downloaded from the internet might lead to arbitrary code execution. Not news.

--
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Re:Please point me to similar vulnerability on iPh by nickdwaters · 2010-07-10 08:31 · Score: 1

I was under the impression we were talking about Google Chrome and how an add-on has the capability of capturing user data / ids and passwords!
yep, and... by Brannon · 2010-07-10 08:38 · Score: 1

your original post claimed that these types of security holes were inevitable, the only way to combat them is with informed and careful users.
I countered that another way to counter them (even with uninformed and un-careful users) is to place all your users in a padded room which locks from the outside.
Andreas Grech by sycodon · 2010-07-10 08:43 · Score: 2, Insightful

Someone should illustrate his lack of body armor by shooting at him with a large caliber rifle.

--
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
1. Re:Andreas Grech by AmberBlackCat · 2010-07-11 04:24 · Score: 1
  
  Only if he's claiming to be bulletproof. A lot of Non-Windows/Non-IE product makers seem to want you to think they're more "bulletproof" than the Microsoft version.
Re:UGH! When are you going to learn?? by countertrolling · 2010-07-10 08:50 · Score: 1

The reasons make no difference. They are censoring.. Oh, and fuck copyright! Its sole reason for existence is censorship.

--
For justice, we must go to Don Corleone
Re:Evidence by Khyber · 2010-07-10 09:04 · Score: 1

"Evidence exists that browser plugins and extensions are providing a lot of leaks and possibilities for intrusions."
*coughFLASHcoughJAVASCRIPTcoughACTIVEXcough*

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Re:Any plugin or extension is a privacy & sec by icebraining · 2010-07-10 09:33 · Score: 1

I don't know of any browser that can't disable JS. With NoScript you can even do it on a per domain basis.

--
Dilbert RSS feed
The real question here is... by avatar139 · 2010-07-10 09:40 · Score: 1

...WHY Google allows so much potential access of personal data to installed Extensions?!
I mean every time I tried to install an extension on Chrome I got the warning that it could potentially access my user data and or browser history, and I still don't see any reason that extensions should (even potentially) be allowed access to that information!

--
I'm honest enough to admit I lie to myself.
Re:UGH! When are you going to learn?? by countertrolling · 2010-07-10 09:40 · Score: 1

controversial hate speech laws = censorship
copyright = censorship
And in direct violation of the 1st Amendment
You are wrong.
...not all government authority is inherently bad.
In this case it is.

--
For justice, we must go to Don Corleone
Re:UGH! When are you going to learn?? by countertrolling · 2010-07-10 10:16 · Score: 1

You cannot acquire any rights through censorship. Any and all regulation of speech is censorship.

--
For justice, we must go to Don Corleone
Still waiting for a link... by Brannon · 2010-07-10 10:51 · Score: 1

to some malicious extension or application available for the iPhone. My whole point is that it is possible to protect against clueless users installing a malicious app if you have a closed centrally managed app store. The GP post claimed that the only protection was user education.
Oh, and Chrome is built on top of WebKit also, genius.
Learn enough to know your limits. by SanityInAnarchy · 2010-07-10 12:02 · Score: 1

It's not about memorizing facts, or about recalling something, it's about knowing what you know and what you don't know. I don't know how to use a chainsaw properly, but I know enough to know that I don't know, and that I would need to learn how or I'm going to get hurt.

If it is easier to simply design in a safety than to educate everyone and keep them educated, then building in the safety is the proper thing to do.
That's true, if the safety has no downsides whatsoever. Otherwise, it bears more discussion.
For example, the iPhone and the Great Firewall of China, both of which claim to be making things more secure and stable for you by removing your choice. Even if the iPhone is more secure for the kind of user who would download BonziBuddy, I don't think it's worth it, and this is exactly what is meant by dumbing down. Compare that to your idea:

I still don't understand why current operating systems don't indicate the priviledge level an application is running at by, say, a coloured border. You'd still need to educate people on what it means, but a fairly simple safety gives them a lot more options than the stupid "well, you could open a console and run ps" geek solution.
But for this to work, you need to educate people on a hell of a lot more than "Here's a colored border." You need to educate them on what privilege separation means, why they might trust or not trust a given program, why they should trust things as little as possible, etc.
It requires fundamental education, much like you'd get from driver's education, to be truly useful. Yes, we should include antilock brakes, but those cannot be a substitute for knowing something about hydroplaning and ice.
You don't need to know how to change your oil -- you can pay someone else to do that. You don't even need to know how often to pay someone else to change your oil. You just need to know that cars occasionally need maintenance, and that before buying a car, you should learn what you need to know to maintain it.
To bring it back to the original "fire" example: If there are no disadvantages, we should make it so no one wants to look into their gas tank with a lighter. But there's a limit to how much idiot-proofing you can do. If you don't teach people that fire and gasoline don't mix, or about flammability in general, stupidity will find a way.

--
Don't thank God, thank a doctor!
1. Re:Learn enough to know your limits. by Tom · 2010-07-10 14:14 · Score: 1
  
  For example, the iPhone and the Great Firewall of China, both of which claim to be making things more secure and stable for you by removing your choice. Even if the iPhone is more secure for the kind of user who would download BonziBuddy, I don't think it's worth it, and this is exactly what is meant by dumbing down.
  
  Here's the funny thing: You're dead wrong. I'm an iPhone developer. There is no "dumbing down" here at all. Anything I want it to do, I can make it do. However what has happened, in comparison to 1980s computers, is that the user has most of the complicated stuff hidden away from him. That is not a conspiracy, it is the normal process by which things mature. Look at cars: Early on, you'd better know quite a bit about it, just to drive one. These days, you put your car into the ignition, and you care nothing about what goes on under the hood. Same with so many other things. Do you know how to make fire without matches? How to milk a cow? How to slaughter a pig? As our tools and our division of labour improve, the breadth of stuff you need to know reduces. There is nothing "dumb" in it. On the contrary, not burdening yourself with knowledge that has no use is a pretty smart thing to do.
  Especially in computers, the number of people who can do low-level stuff is not decreasing. The percentage is, not because there are less experts, but because there are more non-expert users.
  
  But for this to work, you need to educate people on a hell of a lot more than "Here's a colored border." You need to educate them on what privilege separation means, why they might trust or not trust a given program, why they should trust things as little as possible, etc.
  No, that is geek-think again.
  What you need to do is teach them which tasks require elevated priviledges and to become suspicious when something else, such as their mail program, suddenly has a red border.
  Yes, you need some education. But the better support your tools give, the less education you need. The main failure of security (and I work in the security industry, so it's partly my fault as well) is that for decades we've made the user responsible for everything, applauded ourselves with "stupid looser" phrases, and thought that education and awareness would solve our problems.
  
  But there's a limit to how much idiot-proofing you can do.
  I agree.
  However, I also insist that there is far more idiot-proofing possible than we tend to think. If you study design for a bit (not the computer stuff, the real-world stuff about light switches, doors, coffee machines, etc.) you are quickly surprised at how much a good design can solve. Our computer interfaces are worlds away from that at this time. They are crude, primitive, unhelpful and more of a hinderance than a support. Even the best of them. It's normal, we're still early in the development of computer technology as a whole.
  My point is that you have a 99% chance that whenever you think "what a stupid loser" about a user and his actions with a computer, there is something in the machine or the user interface that you can do to either solve the problem or make the user less stupid about it.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
2. Re:Learn enough to know your limits. by cffrost · 2010-07-11 00:10 · Score: 1
  
  [...] you put your car into the ignition [...]
  WARNING!: Putting car into ignition may result in injury or death. Please read owner's manual supplied with vehicle.
  
  --
  Thank you, Edward Snowden.
  
  "Arguments from authority are worthless." —Carl Sagan
3. Re:Learn enough to know your limits. by SanityInAnarchy · 2010-07-11 15:48 · Score: 1
  
  I'm an iPhone developer. There is no "dumbing down" here at all.
  For the user?
  
  Anything I want it to do, I can make it do.
  Jailbroken?
  
  the user has most of the complicated stuff hidden away from him.
  In the case of the iPhone, it's not that the complicated stuff is hidden. It's that it's actually forbidden -- see above. Can you make it do anything Apple doesn't explicitly allow?
  
  That is not a conspiracy,
  I never suggested it was.
  Nor do I think Apple and China are in a conspiracy to censor technology -- they just seem to agree (quite publicly and openly) that computer users need to be protected from themselves, beyond the point of making it simpler and more usable, and to the point of removing choices.
  
  Look at cars: Early on, you'd better know quite a bit about it, just to drive one. These days, you put your car into the ignition, and you care nothing about what goes on under the hood.
  I do, however, care that the hood is not welded shut. I care that like most drivers, I also know how to change a tire and jump a car -- and jumping a car is something that it's useful to be able to do once in awhile.
  
  Do you know how to make fire without matches?
  No. However, I do know how to properly use matches. I know that even when a match is out, I shouldn't immediately put it on something flammable.
  
  How to milk a cow?
  No, but I know not to drink spoiled milk. Do you see where this is going?
  I'm a technophile, I'm hardly a Luddite. I do appreciate things getting easier, and I said so. But there is a limit to how much I can avoid learning because of technology. Safety matches are better than normal matches, but you can still (easily!) burn yourself.
  
  What you need to do is teach them which tasks require elevated priviledges and to become suspicious when something else, such as their mail program, suddenly has a red border.
  Then they will come to me every time they see that, and when I get sick of it, maybe they'll believe the email that says "Don't be alarmed when Outlook's border turns red, this is part of a normal email virus scan."
  In this case, the basic principle is applicable to more than just this one thing (window borders), and is also not terribly complex. In particular, understanding the concept of trust will also help them understand what those scary certificate warnings are actually asking, why they shouldn't download random crap, why they should lock their computer when they're away from their desk, and so on.
  And it takes on the order of ten minutes to explain to an intelligent (but nontechnical) person. I speak from experience here.
  
  the better support your tools give, the less education you need.
  I'm not sure that's true. Hopefully less rote learning, sure -- I know dozens of commands by heart, and whenever I need to teach even one to a novice user, I consider that a failure.
  But the fundamental concepts haven't changed much, and can't be made much simpler without removing a crucial bit of understanding. Teach the underlying principles, and all the specific rules ("Only these three programs should ever be red!") become intuitively obvious.
  
  I also insist that there is far more idiot-proofing possible than we tend to think. If you study design for a bit (not the computer stuff, the real-world stuff about light switches, doors, coffee machines, etc.) you are quickly surprised at how much a good design can solve. Our computer interfaces are worlds away from that at this time.
  A light switch controls one or more light sources. At the very best, it can control brightness on a scale (a dimmer) rather than a simple boolean on or off.
  Doors are open, closed, or revolving. Some automatically open and
  
  --
  Don't thank God, thank a doctor!
4. Re:Learn enough to know your limits. by Tom · 2010-07-11 18:07 · Score: 1
  
  Nor do I think Apple and China are in a conspiracy to censor technology -- they just seem to agree (quite publicly and openly) that computer users need to be protected from themselves, beyond the point of making it simpler and more usable, and to the point of removing choices.
  Removing choices is what design is all about. In the words of Antoine de Saint Exupery: "You know you've achieved perfection in design. Not when you have nothing more to add. But when you have nothing more to take away."
  A light switch works so well precisely because it gives you two options: "Lights on" or "Lights off", instead of presenting you with a spectrum of things you can do with electron flow through a wire.
  
  Anything I want it to do, I can make it do.
  Jailbroken?
  *laugh* no. Why should I? Sure, some Apps would not be accepted in the App Store, but I can still put them on my own devices, no problem at all. Notice the "anything I want". There are certainly things that are not possible, but so far the limits I hit were all questions of technology (graphics performance, mostly) or design (e.g. no way to make a good interface of this on such a small screen).
  
  You may have a point, but you lose a lot of credibility comparing a computer to a coffee machine. I know we're all sick of car analogies, but they're a lot closer.
  The difference really isn't that massive. For the user, light switch, coffee machine, car, computer - all just tools to enable him to do what he wants to do. Sure, some of those tools have multiple functions, and computers probably the most. But still a tool.
  
  From what I hear, phishing scams still work.
  Here's the funny thing: A few years ago, a magazine did a test on phishing, giving well-made phishing mails to both novice users and security experts to let them say whether they think they're genuine or phishing. Turns out, the statistical difference between the two groups was not so high.
  I've analyzed that in a 2007 or so talk I've given in London. The main problem with phishing is that most of our e-mail programs seem to be designed to make phishing easy and noticing the details you need to notice to make the distinction as hard as possible. Almost all the information that is available that makes it possible to discern a phishing mail is hidden away somewhere. Meanwhile, all the information that triggers your mind that you need to react on this important mail - i.e. click on something - is large, in-your-face, middle-of-the-screen.
  Phishing is mostly a failure of interface design.
  
  I'm sorry, but there is no UI fix for that.
  Not one, but if you'd re-design the UI so that it is more helpful to the user, that would help a ton.
  
  And the only way around that is to move in the direction Apple and China seem to want to -- a whitelist.
  
  That's nonsense. Where do you have any evidence for that claim?
  
  That's not a technical problem. It's not a design problem. It's a social one.
  I agree, and as long as there are people there will be stupid people and stupid people will always be exploited. That doesn't mean we can't do anything about it, make it more difficult to exploit people, or easier for the smarter people to protect themselves.
  
  --
  Assorted stuff I do sometimes: Lemuria.org
5. Re:Learn enough to know your limits. by SanityInAnarchy · 2010-07-12 12:02 · Score: 1
  
  A light switch works so well precisely because it gives you two options: "Lights on" or "Lights off", instead of presenting you with a spectrum of things you can do with electron flow through a wire.
  Mostly because, in that situation, it would be useless.
  By contrast, despite being automatic, my car's transmission also has a first and second gear and an overdrive toggle, not to mention neutral and reverse. That's just the transmission -- my car also has four separate braking mechanisms, each with their own unique interface. It may be possible to simplify this, but people are willing to put up with this situation from a car.
  Take a moment to look into a car sometime. Count how many separate controls there are, and remind yourself that this thing's purpose is ultimately to move you from point A to point B.
  As Einstein said: Make things as simple as possible, but no simpler.
  
  Sure, some Apps would not be accepted in the App Store, but I can still put them on my own devices, no problem at all.
  Define "no problem at all" -- as I understand it, you're describing a scenario which either requires a jailbroken phone or a dev kit.
  
  The difference really isn't that massive. For the user, light switch, coffee machine, car, computer - all just tools to enable him to do what he wants to do. Sure, some of those tools have multiple functions, and computers probably the most. But still a tool.
  I'm sure even our hypothetical user can tell the difference between a coffee machine, which takes perhaps two minutes of instruction (if that) on how not to get burned, and a car, which in many places takes several months of training before you're legally allowed to drive on public roads.
  
  A few years ago, a magazine did a test on phishing, giving well-made phishing mails to both novice users and security experts to let them say whether they think they're genuine or phishing. Turns out, the statistical difference between the two groups was not so high.
  So, which magazine, what was the threshold of "security expert", and what was the proposed action? I might say that an email looks legitimate, and still not click anything inside it.
  
  The main problem with phishing is that most of our e-mail programs seem to be designed to make phishing easy and noticing the details you need to notice to make the distinction as hard as possible. Almost all the information that is available that makes it possible to discern a phishing mail is hidden away somewhere. Meanwhile, all the information that triggers your mind that you need to react on this important mail - i.e. click on something - is large, in-your-face, middle-of-the-screen.
  This is what a naively "simple" design would call for. I can certainly look at headers (or the raw message) when I suspect something, but when I leave it on, it's annoyingly difficult to get through normal email -- users wouldn't have a chance. If we make it harder to click on things, we penalize people sharing links instead of pasting the entire article into the body of an email, among other things like registration links and such.
  So you simplify it -- make everything open when you click it, and hide away the scary headers so people don't have to learn about them. Until they do anyway, because they need to be able to check whether a message is forged.
  More importantly, simply clicking a link from a phishing email isn't likely to cause harm unless you also fall for the site it's linked to. I haven't seen a proposal for any way to make this better which doesn't come with significant drawbacks -- and here, the information is "hidden away" in the URL bar.
  
  That's nonsense. Where do you have any evidence for that claim?
  Which one? That the only way around is a whitelist, or that Apple and China seem to want whitelists?
  I don't have any evidence that China wants
  
  --
  Don't thank God, thank a doctor!
6. Re:Learn enough to know your limits. by Tom · 2010-07-13 03:53 · Score: 1
  
  Take a moment to look into a car sometime. Count how many separate controls there are, and remind yourself that this thing's purpose is ultimately to move you from point A to point B.
  I know. Cars are some of the things that you quickly come across when you teach yourself about design. And I mean car controls, not bodies. :-)
  The point is, of course, that the purpose is not to get your from A to B. If that were the ultimate purpose, the interface could be a lot simpler - and is. The interface for a taxi is "open door, sit down, close door, talk to driver, wait, pay driver, open door, get out, close door".
  All the additional complications of a car are because you want to drive from A to B yourself. Plus quite a lot of the controls have nothing to do with driving, they're for the stereo or the AC or they serve secondary purposes such as the gas gauge or the maintainance lamp.
  
  you're describing a scenario which either requires a jailbroken phone or a dev kit.
  I said very early on that I'm a developer, yes.
  
  I'm sure even our hypothetical user can tell the difference between a coffee machine, which takes perhaps two minutes of instruction (if that) on how not to get burned, and a car, which in many places takes several months of training before you're legally allowed to drive on public roads.
  But that's a difference in quantity, not in quality. As I said: Some of those tools are a ton simpler than others, but they're still tools. It's difficult for us computer geeks to understand sometimes, but the vast majority of people have no emotional connection with their computer at all. It's just a thing.
  
  And yes, that is the only way to prevent gullible people from being connected to con artists, and that still depends on the effectiveness of your whitelist. You seem to agree with me, actually:
  Not really. Stupid people will be exploited, end of story. I don't really feel sympathy for them. I just say that we make their stupidity the reason way too often, when in reality even smart people are victim of what's the real reason - a bad interface design.
  
  There really is no solution to the Windows-patch-via-email scam other than teaching people how patches are really delivered, and why no sane company would ever distribute patches through a mechanism like email.
  Really? Let me see... there is no solution to indicating the sender of a message better than believing the "From:"? We've not invented cryptographic signatures, I assume. There is no solution to link a download to the mail with the link to the program that was downloaded? And we already have popup messages warning us on installs of unsigned crap. Except that UAC and its W7 brother is an abomination of design, and is no help to a regular person at all.
  
  if users are ever expected to be able to download any software, they will have to be taught not to, and then (maybe) how to do it safely.
  We have not invented sandboxes, either. And we still think it's ok to give every program full access to the system, whether it wants to or not. We don't have RBAC or MAC or security policies.
  Well, we do, even Windows has a fine-grained security policy these days. Except that there is absolutely no useability in it, none whatsoever. Even if you're an expert, it's hidden away deeply.
  Chameleon was a proof-of-concept for a domain-seperated OS/GUI system. The idea is that you would download a game and install it into the "games" domain, which has a security policy applied that restricts the program in that domain to stuff that a game needs. And a game doesn't need to read your e-mails, monitor your keystrokes while you're in a different window, check your browser history, access files that don't belong to it, or modify your kernel. ...and so on for other domains.
  People don't understand security
  
  --
  Assorted stuff I do sometimes: Lemuria.org
7. Re:Learn enough to know your limits. by SanityInAnarchy · 2010-07-13 13:38 · Score: 1
  
  All the additional complications of a car are because you want to drive from A to B yourself. Plus quite a lot of the controls have nothing to do with driving, they're for the stereo or the AC or they serve secondary purposes such as the gas gauge or the maintainance lamp.
  And this maps well to computers.
  The additional complication of having to change the oil occasionally (or have someone else do it), knowing what the RPM gauge means (or at least that redlining is bad), needing a key to get into your car, etc, all have reasonable analogies in the computer world, and there doesn't seem to be much in a computer that doesn't have a similar analogy in the car interface.
  The additional stuff, like the stereo, air conditioning, windows, etc, maps to additional stuff users might have running in the background (music, an IM client, etc).
  There's an analog to a taxi, too, at least for some things -- you can ask a librarian for help looking something up. I can see where you also might compare a kiosk (or something similarly kiosk-ified, like an iPad) to a taxi.
  
  But that's a difference in quantity, not in quality.
  It absolutely is a difference in quality -- there is a test at the end.
  I realize the attitude may be the same -- just learn enough to get on the road and from point A to point B. The approach is quite different, though -- you're going to learn everything in the curriculum, you're going to be tested, and you'd better be able to demonstrate some level of competence before we're going to let you out there.
  
  the vast majority of people have no emotional connection with their computer at all. It's just a thing.
  I realize this. I feel no particular attachment to my car, either, though I realize some people do.
  But I have that bare minimum of understanding of how it actually works, and how it should be used. I know that it burns gas, that it needs oil to keep the engine from melting... I wince when I drive too fast over a pothole, knowing it can't be good for the shocks. That's both knowledge and intuition that's missing here.
  
  Really? Let me see... there is no solution to indicating the sender of a message better than believing the "From:"? We've not invented cryptographic signatures, I assume.
  No one wants to use PGP, and only the truly hardcore security geeks are ever at keysigning parties. The trouble here is the concept, not the UI -- most people really do seem to find it difficult to wrap their heads around a web of trust.
  S/MIME might be better, and I have to admit I have less experience with it -- it seems to be an individual, per-user cost, and requires the user to keep track of a private key, making things like webmail difficult. It's also at least one central, controlling authority of email. To do this right is a UI, technical, political, and educational challenge.
  It also complicates one possible response to spam -- different email addresses for different uses -- because email addresses suddenly cost much more.
  Add to this the fact that so few emails are sent with any signatures at all, and there's no way that I can assume a message is not genuine merely because it lacks a signature, even if it's from a user who frequently signs their mail.
  
  even Windows has a fine-grained security policy these days. Except that there is absolutely no useability in it, none whatsoever. Even if you're an expert, it's hidden away deeply.
  I do agree with this. I've actually noticed it for awhile -- I do it somewhat haphazardly myself, but there really does need to be a better way to instantly spawn new users (or at least contexts) for new applications.
  To be fair, we do have a platform which does this automatically -- the Web. And many native applications would need to be changed to work with greatly reduced privileges, especially to be usable in that case -- many programs, I w
  
  --
  Don't thank God, thank a doctor!
Untrue that this could be written for any browser by gig · 2010-07-10 13:11 · Score: 1

Safari on iOS (iPad, iPhone, iPod) doesn't have extensions. On iOS, instead of an extension, the developer just creates a whole other browser, and that has to be audited to be deployed. Although you may be able to write this for Safari on Mac/Windows, those extensions have to be signed to run, and signatures can be revoked immediately, so even if you got this deployed, at the first sign of trouble it stops running on 100% of systems. There is very little point in tagging a wall that can repaint itself instantly.
One problem with modern communication is the tendency to paint with too broad a brush. You found an attack vector in Chrome, that is real work, a scientific result. Don't fuck that up those hours of work by spending 1 second trumpeting an assumption that it works everywhere else. Either do the work to create the same extension on all other browsers or don't even fucking mention any other browser.
In another news by caekys · 2010-07-10 15:06 · Score: 2, Funny

Installing another mouse on your computer steals your cursor control.
In other News... by Anonymous Coward · 2010-07-10 15:22 · Score: 1, Funny

You might lose your valuables if you let a robber into your Home...
Why do we need a proof of concept of this? by mysidia · 2010-07-11 03:14 · Score: 1

It's not like anyone doubted this could be done. It is pretty obvious that passwords can be stolen by browser extension mechanisms. Why do we need to be giving bad guys a cookbook?
Do we publish proof of concepts of mass murder techniques, money laundering techniques, and drug dealing techniques?
Who and why is it considered ethical to publish instructions for password stealing in the general media?
So why does the article single out Google Chrome? by walterbyrd · 2010-07-11 04:56 · Score: 1

I am a little confused here. This article very specifically singles out Google Chrome. But, it turns out the same thing could be done with any browser?
Chrome extensions are different by idji · 2010-07-11 05:31 · Score: 1

Chrome extensions are sandboxed, unlike firefox extensions. Through the extension API there is no access to the password database for extensions. Even when the user looks at passwords in chrome the password is not written in a window, it is written directly on the canvas, giving no access to hackers.
The only way to get to the password database is to connect directly to the opensql database and decrypt the passwords with the userID - and that is how chrome password dumpers work.

this story is pretty meaningless - and has nothing to do with Chrome or really with Browsers.
Though it is an interesting idea to prohibit access to passworded objects in the DOM - but that would prevent "password strength checkers" to work.