[cap-talk] Toolbars and unguessable URLs
tyler.close at gmail.com
Wed Sep 24 19:02:52 CDT 2008
On Wed, Sep 24, 2008 at 4:43 PM, Raoul Duke <raould at gmail.com> wrote:
>> On the positive side, Firefox did remove some of its spyware in
>> version 3.
> wow, ok, this is all news to me. are there any concise lists of
> spyware behaviour of common / important apps?
The Phishing filter stuff landed in one of the point releases of
Firefox 2 and was gone by Firefox 3. It was also disabled by default,
but they recommended turning it on. The funny part of all this is that
they eventually got rid of the feature because their own testing found
it wasn't improving their ability to detect phishing sites. So this
massive hole was opened up to support a security feature that didn't
actually work. A whole new layer of satire on iatrogenic security.
AFAIK, the application spyware is the toolbar addons, like Google's,
Yahoo's and Alexa's.
Of course, there's also the issue that a large fraction of users have
machines infected with viruses that also have access to all the user's
secrets. It's hard to know where to draw the lines. If you want to be
completely realistic about things, you have to assume that all data on
the user's computer is available to the attacker. I don't know that
that's a useful place to start from when thinking about how we build
to something better. I certainly don't know how.
More information about the cap-talk