LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Security! Security! Security!

Security! Security! Security!

Posted Feb 26, 2012 21:35 UTC (Sun) by intgr (subscriber, #39733)
In reply to: Security! Security! Security! by eric.rannaud
Parent article: Tracking users

> For me, ditching Firefox for Chrome is all about security.

How about Chrome removing OCSP checks for certificates? Apparently Chrome developers think speed is more important than security.

> Running flash, or worse, Java on untrusted content with full $USER rights? Insane.

Chrome doesn't sandbox plugins either -- since plugins are third-party software and need to access resources that Chrome doesn't know about, such as Flash local storage, webcam and whatnot.

> Sandbox Firefox and, maybe, maybe, we'll come back.

Sadly project "Electrolysis" has been frozen for the time being since it requires major modifications to the core and would break most extensions.

(Log in to post comments)

Security! Security! Security!

Posted Feb 27, 2012 9:04 UTC (Mon) by khim (subscriber, #9252) [Link]

How about Chrome removing OCSP checks for certificates? Apparently Chrome developers think speed is more important than security.

Interesting. You assume that OCSP is more secure then simple autoupdateable revocation list. Care to share the proof that it's indeed so? AFAICS Chrome's new scheme is much simpler and thus more robust - this means it's probably more secure, too.

Note that the very same article you link to deride raises important practical security concerns related to OCSP thus "it's so obvious that OCSP is better" just does not cut it: not only you should explain how will Firefox solve OCSP-related problems outlined in the article, you should explain what's unsecure in new Chrome's scheme, too. Soft-fail revocation checks are like a seat-belt that snaps when you crash (which is how OCSP is practically implemented in all browsers) does not inspire a lot of confidence.

Chrome doesn't sandbox plugins either -- since plugins are third-party software and need to access resources that Chrome doesn't know about, such as Flash local storage, webcam and whatnot.

Flash is actually sandboxed and Java plugin is at least checked for known-vulnerable versions - which is better then what Firefox is doing.

If you want to point to real problems with Chrome's security - then be my guest, let's talk about it, noone is perfect, but if your goal is just to spread FUD then please stop.

Security! Security! Security!

Posted Feb 27, 2012 14:24 UTC (Mon) by KaiRo (subscriber, #1987) [Link]

As already stated, both OCSP and CRLs have the problem of not working when requests to those services are blocked, so they're actually bad solutions. We need to do better in terms of certificates/keys for encrypted communications (I'm not sure the word "secure" is even correct for those), and both OCSP and CRL are not good answers to CA breaches. One possible proposal for this is being described at https://kuix.de/mecai/

On the other topic, sandboxing is IMHO hyped more than it's actually useful. It's one reasonable idea of how to possibly prevent exploits from going worse, but 1) if you (in theory) don't have exploits in the first place, it's useless, and 2) there's lot of security/privacy-relevant flaws where it has no effect at all, esp. in the area surrounding XSS. Also see http://hackademix.net/2012/02/16/sandboxes-are-overrated-... and stuff linked from there.

Security! Security! Security!

Posted Feb 27, 2012 15:42 UTC (Mon) by khim (subscriber, #9252) [Link]

1) if you (in theory) don't have exploits in the first place, it's useless

Sure, if your browser and OS are written by infallible God and if it's run on the impeccable computer which is created by said God then you can ignore any and all security practices.

In our universe compartmentalization is the only solution worth discussing. It predates computers by several millennia (think military and state secrets, different levels of access, etc) and is the only tied and true [albeit imperfect] solution.

2) there's lot of security/privacy-relevant flaws where it has no effect at all, esp. in the area surrounding XSS

Let me translate "discovery" from geek to English:

Sensation, sensation! Everything you ever knew is wrong!
Recently researchers found that most thieves started using windows and not doors. This fantastic discovery shows that all these sturdy doors and complicated locks are just a waste of time and money! We should immediately stop wasting our time and fully switch to windows protection! You can leave keys under your doormat, don't lock the door at all, it does not matter! More in our newspaper, just $.02 per copy.

Yeah, right.

If you really believe that then I have very nice bridge to sell.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds