Breaking Web Browsers' Trust
Results 1 to 5 of 5

Thread: Breaking Web Browsers' Trust

  1. #1
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378

    Breaking Web Browsers' Trust

    Is your SSL connection really secure?

    The researchers say that they were able to successfully attack Internet Explorer 7 and 8, Firefox 2 and 3, Opera 9, and Chrome Beta and 1.
    Chen's group uncovered a problem with the way Web browsers display information from Web pages when a secure communications link has been established. They found that most browsers will sometimes treat insecure data as if it's part of the secure protocol. This means that a Web proxy--a machine sitting in between the browser and a website--can issue commands that the browser interprets as coming from a secure website, even if they are not. "In reality, it's very difficult to make sure that you are using a trusted network," he says.

    For example, when a browser requests access to a secure website, the proxy could return a fake error message that the browser displays as genuine. The browser could then be tricked into sending secure messages to both the legitimate server and the malicious proxy.
    http://www.technologyreview.com/web/22682/
    In God We Trust....Everything else we backup.

  2. #2
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    So my ol' faithful k-meleon is not listed. That's fine with me...

  3. #3
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    odds are if it's based on the gecko engine, it probably has the same vulnerabilities.

  4. #4
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    So my ol' faithful k-meleon is not listed. That's fine with me...
    It states that the problem was fixed anyway

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    As I read it, they discovered a fundamental design flaw in several browsers produced by different people.

    The question they seem to be asking is are there others that haven't been detected yet?

    I guess it only really matters if you are trying to do something confidential in the type of environment suggested?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Similar Threads

  1. Lies, Betrayal, and Misplaced Trust?
    By Relyt in forum The Security Tutorials Forum
    Replies: 1
    Last Post: December 30th, 2005, 04:34 AM
  2. Criminal IT: Should you trust the Internet?
    By SDK in forum Miscellaneous Security Discussions
    Replies: 4
    Last Post: January 28th, 2005, 04:54 PM
  3. In God We Trust...
    By devilmech in forum Cosmos
    Replies: 27
    Last Post: September 2nd, 2003, 02:23 PM
  4. the anonymity tutorial
    By hot_guy in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: August 2nd, 2003, 02:18 PM
  5. Anonymoity Tutorial
    By ac1dsp3ctrum in forum The Security Tutorials Forum
    Replies: 8
    Last Post: February 13th, 2002, 11:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides