The Web Won't Be Safe Or Secure Until We Break It
CowboyRobot writes "Jeremiah Grossman of WhiteHat Security has an article at the ACM in which he outlines the current state of browser security, specifically drive-by downloads. 'These attacks are primarily written with HTML, CSS, and JavaScript, so they are not identifiable as malware by antivirus software in the classic sense. They take advantage of the flawed way in which the Internet was designed to work.' Grossman's proposed solution is to make the desktop browser more like its mobile cousins. 'By adopting a similar application model on the desktop using custom-configured Web browsers (let's call them DesktopApps), we could address the Internet's inherent security flaws. These DesktopApps could be branded appropriately and designed to launch automatically to Bank of America's or Facebook's Web site, for example, and go no further. Like their mobile application cousins, these DesktopApps would not present an URL bar or anything else making them look like the Web browsers they are on the surface, and of course they would be isolated from one another.'"
No URL bar (Score:3, Insightful)
So we would have no clue as to where we were taken?
Yeah, that must be good security
An App For Every Website (Score:3, Insightful)
Nobody would ever hack that. (Score:5, Insightful)
Yeah. Because nobody would ever hack/write a virus for the BofA DesktopApp that would collect login credentials, etc.
Re:Uh... (Score:5, Insightful)
Woo hoo, one app per website, that's just what we need. This is why MS came with the tiles...
We could just go back to Web 1.0 (Score:3, Insightful)
Most of what we want on the web is text and static images. Tables are nice. Maybe you need a handful of tags. Let the browser handle layout. That would be much easier to secure than the dynamic fustercluck we have now. There are probably more APIs than there were tags in 1999. There are probably hundreds of functions in your browser that expose security flaws. We could dump all of them and they wouldn't be missed.
Slashdot needs a handful of tags and good old CGI. That's all.
Decentralization has costs and benefits (Score:4, Insightful)
Frankly, I'll take the current internet with all its warts and diseases over some centralized, walled-garden approach that will STILL suffer from the same things, just in a different mechanic. The bottom line is how you decide what to trust in any system.
I'd submit that the problem isn't that the internet is the Wild Wild West, it's that it is the Wild Wild West without any sheriffs or cowboys. No, I'm not talking about regulation of the internet; I'm talking about people who break laws (fraud, theft, etc.) being found and prosecuted regardless of what tool (postal system, telephones or internet) they used to do it.
Brilliant! (Score:4, Insightful)
Re:Uh... (Score:5, Insightful)
Comment removed (Score:5, Insightful)
Re:Uh... (Score:4, Insightful)
No. They've been calling them "computer programs" and "applications". They became "apps" thanks to the mobile market.
That's not to say *no one ever* called them "apps" before, but the widespread usage of the term is entirely due to the mobile market.
Re:An App For Every Website (Score:5, Insightful)
I think I'll just stick with "not being a fucking moron." Kept me pretty safe so far.
Re:Uh... (Score:5, Insightful)
You forgot they'll only certify it for certain OSes, and if detected on the wrong one it'll refuse to work and pop up a "please upgrade" message.
And it'll demand you downgrade new platforms. So your Vista laptop can't log into your bank... pop-up claims you need to "upgrade" to XP or more likely 98.
"This page best viewed 640x480x8... here, since I'm a poorly written app now with system access instead of being a poorly written webpage, let me reconfigure your video card to be BankOptimized(tm)(c)"
Re:Broke it (Score:4, Insightful)
(Each of them with their own bugs.)
Yeah. That's an improvement. Sure.