Breaking Web Browsers' Trust

Printable View

May 22nd, 2009, 03:26 PM
Cheap Scotch Ron

Breaking Web Browsers' Trust

Is your SSL connection really secure?

Quote:

The researchers say that they were able to successfully attack Internet Explorer 7 and 8, Firefox 2 and 3, Opera 9, and Chrome Beta and 1.

Quote:

Chen's group uncovered a problem with the way Web browsers display information from Web pages when a secure communications link has been established. They found that most browsers will sometimes treat insecure data as if it's part of the secure protocol. This means that a Web proxy--a machine sitting in between the browser and a website--can issue commands that the browser interprets as coming from a secure website, even if they are not. "In reality, it's very difficult to make sure that you are using a trusted network," he says.

For example, when a browser requests access to a secure website, the proxy could return a fake error message that the browser displays as genuine. The browser could then be tricked into sending secure messages to both the legitimate server and the malicious proxy.

http://www.technologyreview.com/web/22682/
May 22nd, 2009, 03:54 PM
t34b4g5

So my ol' faithful k-meleon is not listed. That's fine with me... :drink:
May 22nd, 2009, 04:35 PM
JPnyc

odds are if it's based on the gecko engine, it probably has the same vulnerabilities.
May 22nd, 2009, 04:49 PM
Negative

Quote:

So my ol' faithful k-meleon is not listed. That's fine with me...

It states that the problem was fixed anyway :)
May 22nd, 2009, 08:33 PM
nihil

As I read it, they discovered a fundamental design flaw in several browsers produced by different people.

The question they seem to be asking is are there others that haven't been detected yet?

I guess it only really matters if you are trying to do something confidential in the type of environment suggested?