Monday, January 26, 2009

The illusion of being protected

Yesterday I published another blog post at my work place.
This incident is quite problematic, as it represents our inability to really trust 3rd party sources. Usually, when browsing the web using Firefox, one could think "hey, this one is Open Source, so I'm safe while browsing the Internet", but this is not the case. The fact some of Firefox security relies on some other service, which we have no control over, makes it partially-closed. This is why such engines cannot be trusted as the only line of defense.

3 comments:

  1. There are already trackbacks for this post:
    http://www.readwriteweb.com/archives/tinyurl_being_used_to_bypass_safe_browsing_filters.php

    ReplyDelete
  2. Strange - can't the browser just check the URL it's being redirected to? Seems like a simple fix.

    ReplyDelete
  3. Yevgeny, the SafeBrowsing service is done on-line, so another GET to it would have to be done. For every redirection and IFRAME that would be quite costly. Moreover, this service (for the conspiracy lovers) is already an approved spyware, so one would like to have it "know" as little as possible.

    ReplyDelete