[Cryptography] defaults, black boxes, APIs, and other engineering thoughts

Paul Ferguson fergdawgster at mykolab.com
Mon Jan 6 00:26:55 EST 2014


One small contribution to this discussion, although somewhat adjunct, is
that browsers can be made much "more armored" or resistant to
exploitation with only a simple plug-in (or two).

For example, my Firefox 24.2.0 + NoScript 2.6.8.10 is *much* more
resistant to almost any in-browser exploitation, when properly
configured and used. But there's the rub. It ain't for everyone.

Having said that, what we are talking about here is the fact that it
should *not* take an advanced operational knowledge of technology to be
able to use it. Even the most advanced technology has to be usable.

It has to be usable for everyone. Usable, plug-in encryption can also be
that way.

- ferg


p.s. I regularly PayPal money to Giorgio Maone when he releases a new
version of NoScript. As far as I am concerned, NoScript is one of the
best software ideas in a long time, and I fully endorse user-supported
software.

On 1/5/2014 3:07 PM, Joe St Sauver wrote:

> Hi,
> 
> Jerry commented:
> 
> #For what it's worth, I think Chrome is probably, across time, the most 
> #secure, because Google puts a huge amount of effort involving a really 
> #experienced team into making it so.
> 
> The Educause Technologies, Operations and Practices (formerly Educause
> Security Effective Practices) working group started an effort to make
> recommendations that would help higher ed people improve the security 
> and privacy of their browser configs. I'd naively assumed that would 
> be a relatively straightforward task, but I've increasingly come to 
> appreciate just how subtle that objective actually was, even when it 
> comes to something as seemingly straightforward as choice of browser.
> 
> For example, you mentioned Chrome, a very popular browser. There's a lot
> to like about Chrome, including the fact that it supports TLS 1.2, and 
> the way it supports IPv6 (by way of contrast, Firefox still is stalled at
> TLS 1.1, and even when network connectivity is dual stack, Firefox still 
> prefers IPv4 over IPv6). And there are many more features in Chrome that
> are really great, too.
> 
> On the other hand, Chrome is produced by the Internet's largest and most
> successful online marketing enterprise. Perhaps not surprisingly, at 
> least some have been critical of its user tracking provisions, and how 
> Chrome handles privacy issues (e.g., see for example 
> http://www.pcmag.com/article2/0,2817,2373860,00.asp , although I give 
> Google credit for doing a good Chrome Privacy white paper, *if* people 
> bother to read it, see
> https://www.google.com/intl/en/chrome/browser/privacy/whitepaper.html ).
> 
> If you are ever feeling bored and/or paranoid, install Little Snitch on 
> a Mac and fire up Chrome. You'll be surprised at the amount of outbound
> traffic you'll see that you didn't explicitly originate when you're 
> running Chrome in its default configuration.
> 
> What does this mean? Well, fundamentally, there may be tensions between 
> browser security and privacy, where emphasizing one may require 
> compromises when it comes to the other. 
> 
> #I place some amount of trust in Safari, but that's a matter of 
> #statistics, not anything special about the code:  People aren't 
> #attacking it as much.  (Apple seems to have been getting ever 
> #more serious, but how far they've come is hard to judge.)
> 
> My concern with Safari starts with the fact that Safari on at least
> some operating systems has been "orphaned" -- for example, Safari
> for Windows has been frozen at 5.1.7, which is distressing if you
> believe Safari releases since then have fixed important security-related 
> bugs. (See http://support.apple.com/downloads/#safari to see what
> versions are available for various platforms)
> 
> We could also talk about IE, but in that case, there's no version 
> for Mac OS/X (which makes that a moot option when it comes to using
> it in my case, unless I want to do something like run a Windows VM
> for browsing purposes).
> 
> There is also Opera, but the scarcity of its adoption makes any user 
> using it "stand out from the crowd," which is the antithesis
> of what a privacy and security-concerned user may want. (The same
> can be said for all the other uncommon browser options)
> 
> Like I say -- choice of browser for the security *and* privacy 
> concerned users can be tough.
>  
> #I just don't see how they can possibly be made secure.
> 
> You need to break a *lot* of functionality, particularly if you want
> a browser that is both secure *and* private. It's unclear to me that
> anyone can produce a web browser configuration that is secure, AND
> privacy preserving, AND still usable with modern/popular Alexa 100
> class web sites. And if you do manage to do so, you'll be distinctly 
> unusual, and as such, you'll stand out from the normally-insecure 
> and normally-heavily-tracked average user.
> 
> (And if you look at https://panopticlick.eff.org/ , it quickly becomes
> apparent that even if you block everything except things like 
> your routinely-reported system font string and other routinely
> reported-by-default bits, you're still going to be all-too-easily 
> trackable)
> 
> #I do find fascinating the reaction to the never-ending series of 
> #security issues in Flash and Java.  What people have learned from 
> #this is:  Plugins are bad; Flash itself is bad.  
> 
> Plugins are another example of a time when you need to make tough
> choices. For example, in Firefox, there are terrific plugins that
> do a nice job of blocking advertising (including potentially 
> malvertising), and others that do a nice job of blocking trackers,
> and still others that reduce the risks associated with scripting,
> etc.
> 
> Deciding that you're going to run zero plugins may thus (at least 
> in some cases) *decrease* your security and/or *increase* your 
> privacy exposure.
> 
> And when it comes to Flash, things like the integrated Chrome 
> Pepper Plugin architecture complicate Flash usage management
> ( https://support.google.com/chrome/answer/108086?hl=en )
> 
> #> * Same question, but for pdf files?
> #I think we have the makings of an excellent context here:  Pick 
> #one of these - PDF is probably the best choice - and ask for a 
> #secure implementation.  
> 
> Again, decisions in some browsers (such as Chrome) to include an
> integrated copy of Adobe PDF Reader (see 
> https://support.google.com/chrome/answer/1060734?hl=en ) complicate 
> any effort to manage PDF content processing, including deploying an 
> alternative PDF reader (such as Foxit Reader, 
> http://www.foxitsoftware.com/downloads/ )
> 
> Trying to secure the web browser, and attempting to increase user 
> privacy on the web, too, is a fascinating/challenging exercise.
> 
> Regards,
> 
> Joe
> 


-- 
Paul Ferguson
PGP Public Key ID: 0x54DC85B2


