browsersecurity
Latest
Chrome will soon let you know if a web form is unsecure
It'll turn off autofill on forms that are submitted insecurely.
Chrome sandboxes Flash Player in latest Dev channel release for Windows
Hey, Adobe's finally figured out how to make Flash secure -- have Google do it! The guys behind your favorite search engine have updated their latest Dev channel release of Chrome to include a new sandboxing facility for Flash Player content. It'll serve to limit access to sensitive system resources and make Flash's operation a generally less threatening proposition than it currently is. This also marks the fulfillment of a longstanding promise from Google to give Flash the same treatment it's afforded to JavaScript and HTML rendering for a while, and should be welcome news to Windows users eager to minimize "the potential attack surface" of their browser. Sorry, Mac fans, you're out in the unsecured cold for now. Of course, the Dev channel itself is one step less refined than beta software, so even if you're on Windows it might be advisable to wait it out a little bit.
Browser security: "The main thing is not to install Flash!"
You may have noticed that I'm not a huge fan of Flash. My feelings pre-date the iPhone/iPad debate about whether or not Flash should be included on those devices. Even back when I was using Windows and Opera, one of the features I used most often was "Disable Plugins" -- which was really another way of saying "Disable Flash," and I do that these days in Safari using ClickToFlash. Flash lovers usually talk about how many games are only available using Flash. Flash haters usually talk about performance issues, especially on the Mac. Adobe tries to make the argument that not including Flash is bad for users' freedom of choice. When it comes to browser security, Charlie Miller says that it's all about Flash. More specifically, avoiding Flash. Miller, who has won the Pwn2Own contest two years running, was interviewed by Italian site OneITSecurity. They asked him what browser and OS he thought was the safest. The first part of his reply probably won't make Mac users happy: he suggests Windows 7 with either Chrome or IE8 saying "there probably isn't enough difference between the browsers to get worked up about." But the highlight for me was the next quote: "The main thing is not to install Flash!" The guy who seems to be the best in the world at breaking into your web browser tells you that you shouldn't install Flash. Perhaps you should consider installing ClickToFlash; it's completely free, and tells Flash to load only when you tell it to load. That should make your browsing significantly safer on any platform. Hat tip to Jay Hathaway at DownloadSquad for bringing this to our attention.
