[Fwd: BugTraq - how to coverup the security]

Ian Grigg iang at systemics.com
Tue Jul 15 20:56:29 EDT 2003 

Sean,

I apologise for the snippety email last night,
I obviously missed the point completely!

Sean Smith wrote:
> 
> > > Are other platforms more secure or do they just receive
> > > less scrutiny?  Or is it that Microsoft does not react quickly to
> > > found bugs? .....
> 
> My point was just that the browser paradigm was not really designed with the
> idea of making the security status information always clearly distinguishable
> from the content provided by malicious servers.
> 
> In our project, we'd looked at popular browser/OS combinations (two years ago),
> and found that (with some cleverness) you could produce fairly convincing
> impersonations in many scenarios. The barriers were repeatedly permeable. E.g.,
> does the browser mark your popup window with a label that spoils the spoof? No
> problem: just send an image of the window instead.
> 
> As has been mentioned on this list before, we also designed and implemented a
> trusted path solution in Mozilla. (But this was complicated by the fact that
> each new release of Mozilla seemed to break our code :)

That is significant!  Was this code not
folded back into Mozilla?

> > The question at hand is this:  if secure browsing
> > is meant to be secure, but the security is so easy
> > to bypass, why are we bothering to secure it?
> >
> > Or, if we should bother to secure it, shouldn't
> > we mandate the security model as applying to the
> > browser as well?
> 
> Exactly.
> 
> That was the whole point of our Usenix paper last year
> 
> E. Ye, S.W. Smith.
> ``Trusted Paths for Browsers.''
> 11th Usenix Security Symposium. August 2002
> http://www.cs.dartmouth.edu/~sws/papers/usenix02.pdf

Oh, my!!  That is a significant effort.
>From what I can see, you actually built
a browser with a security model, and
*tested* it against users.

That implies a *validated* security model
built against realised and known threats.

That's pretty unique!

I've only skimmed it so far, but it looks
like you are well ahead of us here.  I'm
curious to hear how successful you have
been convincing the Mozilla people to
adopt this?

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list