browser security
Latest
Chrome will soon let you know if a web form is unsecure
It'll turn off autofill on forms that are submitted insecurely.
Chrome will block HTTP content from loading on secure sites
In a move to improve user privacy and security, Google is simplifying its browser security settings. In a blog post, the Chrome security team said https:// pages will only be able to load secure (https://) subresources. The change won't happen overnight, but in a series of gradual steps.
MMObility: Battle of the browsers
Before I get too far in this new column, I need to take stock of my weaponry. I now have almost everything I need: an iPhone, an iPad, a new HTC Inspire Android phone, one basic laptop of choice, and a pretty decent gaming rig (if a little old). I have everything I need to test out games across different browsers and devices. I am prepared to slug these pieces of hardware wherever I need to; I am ready to walk with them in hand. It's a tough job, but someone has to do it. I could use some advice, though. I have my preferences, but I wonder what my readers think. Which browser do you prefer? Why? For example, I am in love with Chrome for various reasons, but some games have issues with it. Do I weigh the good against the bad and claim it as my default anyway? Lately, I have all the major browsers bookmarked on my desktop, waiting to go. What about security? I'll be honest: I'm not an expert. Click past the cut and let's discuss. Maybe you can help me.
Chrome sandboxes Flash Player in latest Dev channel release for Windows
Hey, Adobe's finally figured out how to make Flash secure -- have Google do it! The guys behind your favorite search engine have updated their latest Dev channel release of Chrome to include a new sandboxing facility for Flash Player content. It'll serve to limit access to sensitive system resources and make Flash's operation a generally less threatening proposition than it currently is. This also marks the fulfillment of a longstanding promise from Google to give Flash the same treatment it's afforded to JavaScript and HTML rendering for a while, and should be welcome news to Windows users eager to minimize "the potential attack surface" of their browser. Sorry, Mac fans, you're out in the unsecured cold for now. Of course, the Dev channel itself is one step less refined than beta software, so even if you're on Windows it might be advisable to wait it out a little bit.
Browser security: "The main thing is not to install Flash!"
You may have noticed that I'm not a huge fan of Flash. My feelings pre-date the iPhone/iPad debate about whether or not Flash should be included on those devices. Even back when I was using Windows and Opera, one of the features I used most often was "Disable Plugins" -- which was really another way of saying "Disable Flash," and I do that these days in Safari using ClickToFlash. Flash lovers usually talk about how many games are only available using Flash. Flash haters usually talk about performance issues, especially on the Mac. Adobe tries to make the argument that not including Flash is bad for users' freedom of choice. When it comes to browser security, Charlie Miller says that it's all about Flash. More specifically, avoiding Flash. Miller, who has won the Pwn2Own contest two years running, was interviewed by Italian site OneITSecurity. They asked him what browser and OS he thought was the safest. The first part of his reply probably won't make Mac users happy: he suggests Windows 7 with either Chrome or IE8 saying "there probably isn't enough difference between the browsers to get worked up about." But the highlight for me was the next quote: "The main thing is not to install Flash!" The guy who seems to be the best in the world at breaking into your web browser tells you that you shouldn't install Flash. Perhaps you should consider installing ClickToFlash; it's completely free, and tells Flash to load only when you tell it to load. That should make your browsing significantly safer on any platform. Hat tip to Jay Hathaway at DownloadSquad for bringing this to our attention.
