Browser developers gang up on hackers

Powered by SC Magazine
 

Developers from four rival firms met to work on combating security threats with proposals for safer next generation browsers.

The meeting was arranged to discuss plans to combat the security risks posed by phishing, ageing encryption ciphers and inconsistent SSL certificate practice. Security developers from Microsoft, Mozilla/Firefox, Opera and Konqueror agreed on a number of points including plans to introduce stronger encryption protocols.

Linux-based K Desktop Environment (KDE) developer George Staikos, who hosted the meeting, said the availability of botnets and massively distributed computing meant current encryption standards "are showing their age."

"Prompted by Opera, we are moving towards the removal of SSLv2 from our [Konqueror] browsers," said Staikos. "IE will disable SSLv2 in version 7 and it has been completely removed in the KDE 4 source tree already.

He said that KDE will in future look to remove 40- and 56-bit ciphers, and work toward "preferring and enforcing stronger ciphers as testing shows that site compatibility is not adversely affected.

"In addition, we will encourage certificate authorities (CAs) to move toward 2048-bit or stronger keys for all new roots."

Staikos said stronger cryptography rules help to protect users from malicious cracking attempts. He said browser developers will aim to promote, encourage, and eventually enforce much stricter procedures for certificate signing authorities.

He said the present system meant that all CAs are considered equal, irrespective of their credentials and practices. He said that with a definition of a new "strongly verified" certificate, "we can give users a more prominent indicator of authentic high-profile sites, in contrast to the phishing sites that are becoming so prevalent today."

http://dot.kde.org/1132619164/

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 836

Vote