The Mozilla vice president of products announced that Firefox doesn’t need to run native code anymore when it comes to plugins. The idea is called crash protection, for it aims to keep the web browser alive when a plugin fails to run correctly. At the same time, the magical words about the future being in the hands of (open) web standards and HTML5 are uttered. What does this imply in terms of security? Is there any benefit? The thought of having more reliable web browsers is certainly tempting. It is also true that overloading the browser with plugins increases the “angle of attack” to the point of stalling or, most probably, catching some malware floating around on the Web. The message seems to be that separating vulnerable plugins from the browser doesn’t rule out
Our Call for Papers is still running until 31 July 2010. We already have some very interesting talk and workshop submissions. Two experts cover the black magic of the last mile and network backbones. Clearly this is critical infrastructure, and it is often neglected when implementing security measures. Few administrators put their firewalls in front of the ISP’s modem. There are attacks against infrastructure. Wireless networks illustrate this problem very well. Strangely, when it comes to wired networks, people think of them as more secure. True, wired connections cannot be accessed through thin air, but this doesn’t immunise them against threats on the infrastructure level. Routing protocols, administrative interfaces, unpatched firmware, bugs, noisy broadcasts and network design errors can provide fertile ground for a compromised network well before your firewall kicks in. So
The DeepSec organisation team has started their own blog! We try to publish some information around our conference and about all things related to security (or simply everything related to broken things). Stay tuned!