undefined | Better HN

0 pointsthrowaway234248y ago0 comments

The web browsers are so much more secure than what we had before (just accepting executable binaries from other people), so I look at this as a way forward.

0 comments

cpburns20098y ago

I'm not that confident. Browsers blindly accept and execute whatever they receive. The more features that get added, the larger surface there is to exploit. A case in point: WebUSB as mentioned in the article.

Ajedi328y ago

The nice thing though is that, although the added attack surface is there, its not really accessible to web pages until a user grants the necessary permissions. Not really all that different from telling users to execute a native app in that respect.

In this case it's not even an exploit really; more like social engineering. (Tricking users into granting the phishing site unrestricted access to their Yubikey, then using that access to trick the user into authenticating a login session for the phishing site.)

codedokode8y ago

Imageine if there is an USB device with new Chrome WebUSB driver (which has necessary permissions) and then vendor's website gets hacked.

kuschku8y ago

A browser is more secure than a linux namespace with SELinux rules that require explicit approval for any access?

A browser is more secure than Qubes?

The flaw is in legacy software, not in what is possible. Had humanity spent the effort that was spent on browsers on operating systems instead, we'd have had the same security improvements without all the negatives.

petee8y ago

And yet, at quick glance, Chromium THREE TIMES more CVEs than the Java JRE...so it might be more secure than before, but lets not celebrate just yet!

j / k navigate · click thread line to collapse