04.25.07
Retiring The Browser
By Dan Morrill
The time of Internet Explorer, Safari, Netscape, and Firefox as your window to the internet is just about done for. What is going to replace it?
Rich internet applications that use components of your desktop and your browser make a more complex security model.
The potential of Web 2.0 and Web 3.0 is to bring richer content to you, to enable you to do things faster, cheaper, and better. Itnews.com.au is running a piece where they state:
The browser might not hold its place long as the default Web interface, giving way to richer, hybrid desktop-Web apps, execs in one panel discussion said. Web browser technology won't disappear, and rich Internet applications like the Joost Internet video player are being developed on top of Mozilla's code. Source: Itnews.com.au
I spent the last week playing with hybrid apps like LeapTag and Joost Beta, and trying to get my hands on Apollo (if anyone has a copy, send me a note; I would love to see how it works, as I missed the beta signup), to see how these kinds of processes have an impact on the two security issues that we have.
We have the browser security settings and the operating system security settings. While they sometimes work hand in hand, more often than not they are actually two separate security zones in a computer. With a combined desktop-browser application, the open questions are how those two security zones interact, and which of their default settings (high, medium, or low for either one) is going to be the default security setting for the final object calls and data downloads.
This complexity is going to alter how many affiliated programs work, so it will be more interesting to cut and paste from one object, say Word or Open Office, into IE or Firefox using an intermediary application, like something developed with Apollo, that has both online and offline capability. Can the buffer or files be altered while they are stored for later forwarding, when the system is online again?
There is going to be a booming business in the security implications of these kinds of hybrid applications, and in how they use both memory and disk space. Can I pull information from slack space on a drive while waiting to go online, and then post across multiple back ends, one for the operations and one for spying? What would that look like to a firewall, or to an IDS?
Security departments, corporate HR, corporate standards, and policies should start thinking about these now, as they are where technology is going. While it may be primitive now, and no one was thinking about security in the beginning, we have a real opportunity to start driving standards for security with the upcoming technologies.
By addressing the security implications now, we will not be trying 3 or 4 years from now to break bad habits that developers and users have developed over time.