
AHA! A blast from the past…

I just ran across this great blog post from Lori MacVittie at Web2.0 Journal. Can’t say exactly why it sparked my interest, but after reading it I realized this may be Freudian… The Anonymous Human Authentication (AHA – great acronym Lori!) proposed in it closely resembles a technology we worked on back in the days of BeeFence.

I’m not putting any links to BeeFence since it was a startup I had the honor to be one of the founders of (which obviously went down the road of many other startups…), but the neat thing about it was the technology (did I mention I was the CTO 😉 ). Basically – we had what we called “Active Validation” (or sometimes “Interrogation”) of sessions. We generalized it a bit more to cover additional protocols rather than just focus on Web2.0 (think what it can do to the NIDS/IPS world…).

Makes me think of getting back on the startup bandwagon, although I’d have to make some sense out of the drawer-full of ideas I’ve been filling over the past few years having been engaged in web security and cloud security recently… you never know 🙂

Chrome, IE8, FF3 – is there anything new?

As websites are getting to be treated more like applications, users, both end-users and especially business ones, are moving from traditional old-school desktop applications (remember when “client-server” architecture was the thing?) to Software as a Service (SaaS), in-the-cloud, and just plain web applications. Security has been shifting from securing the local operating system to securing the web channel.

This has been backed by the clear shift from email being the number one carrier of all things bad, to the web being the most prominent and efficient channel for cyber attacks. This shift – both the usability one and the security one – brought a lot of improvement to what we use to browse the internet today: our browsers. With the recent release of Firefox version 3, Google’s release of Chrome, and the upcoming Internet Explorer 8, browser makers are showing great improvements in both usability and security.

Nevertheless, the picture isn’t that pretty on the security front after all. Both Mozilla and Google are facing some major vulnerabilities that were disclosed shortly after the browsers were released. IE8 is lurking on the sidelines, trying to make sure its release will hopefully be uneventful (on the security side of course). History and reality are proving that as long as the web keeps providing such usability, we will have to come up with more than just new versions of browsers: we will need more elaborate ways to secure the web. Issues such as authorization, authentication, permissions, cross-site relationships, mashup data sharing (and these are just scraping the surface) will have to be approached from a higher level, taking into account infrastructures, open protocols and APIs to be used across applications. Merely focusing on securing the endpoint (or now almost literally “window”) to the application is not enough, as corporations have to deal with the actual essence of the data and the applications handling it.

Don’t get me wrong – I highly appreciate the advancements that Chrome, FF3 and IE8 are making (and am proud to be using all of them almost equally throughout the day), but let’s just remember not to keep living in a “whack-a-mole” security state of mind, and make sure we look at the whole picture.