Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Web Won't Be Safe Or Secure Until We Break It

Posted by Soulskill on from the i'll-get-the-hammer dept.

CowboyRobot writes "Jeremiah Grossman of Whitehat Security has an article at the ACM in which he outlines the current state of browser security, specifically drive-by downloads. 'These attacks are primarily written with HTML, CSS, and JavaScript, so they are not identifiable as malware by antivirus software in the classic sense. They take advantage of the flawed way in which the Internet was designed to work.' Grossman's proposed solution is to make the desktop browser more like its mobile cousins. 'By adopting a similar application model on the desktop using custom-configured Web browsers (let's call them DesktopApps), we could address the Internet's inherent security flaws. These DesktopApps could be branded appropriately and designed to launch automatically to Bank of America's or Facebook's Web site, for example, and go no further. Like their mobile application cousins, these DesktopApps would not present an URL bar or anything else making them look like the Web browsers they are on the surface, and of course they would be isolated from one another.'"

8 of 180 comments (clear)

  1. Nobody would ever hack that. by kwerle · · Score: 5, Insightful

    Yeah. Because nobody would ever hack/write a virus for the BofA DesktopApp that would collect login credentials, etc.

  2. Re:Uh... by zlives · · Score: 5, Insightful

    woo hoo one app per website thats just what we need. This is why MS came with the tiles...

  3. Brilliant! by SavSoul · · Score: 4, Insightful

    Did he just re-invent client-server desktop apps?

  4. Re:Uh... by jandrese · · Score: 5, Insightful

    Given the quality of your average bank website, I seriously doubt the quality of any application they would write. Plus it would be Windows only of course and barely maintained. I don't see how this is a win over a website.

    --

    I read the internet for the articles.
  5. I'm not even going to bother... by YodasEvilTwin · · Score: 4, Insightful

    outlining why, everyone else is covering it pretty well, but this is an incredibly awful idea. And its originator is an idiot as is he who decided this was worthy of posting to /.

  6. Re:Uh... by Anonymous Coward · · Score: 4, Insightful

    No. They've been calling them "computer programs" and "applications". They became "apps" thanks to the mobile market.

    That's not to say *no one ever* called them "apps" before, but the widespread usage of the term is entirely due to the mobile market.

  7. Re:An App For Every Website by Anonymous Coward · · Score: 5, Insightful

    I think I'll just stick with "not being a fucking moron." Kept me pretty safe so far.

  8. Re:Uh... by vlm · · Score: 5, Insightful

    You forgot they'll only certify it for certain OS and if detected on the wrong one it'll refuse to work and pop up a "please upgrade" message.

    And it'll demand you downgrade new platforms. So your vista laptop can't log into your bank.. pop up claims you need to "upgrade" to XP or more likely 98.

    "This page best viewed 640x480x8... here, since I'm a poorly written app now with system access instead of being a poorly written webpage, let me reconfigure your video card to be BankOptimized(tm)(c)"

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger