Safari and Chrome security problems criticised

By

The recent security problems on the Apple Safari and Google Chrome web browsers have been described as 'shocking'.


The recent security problems on the Apple Safari and Google Chrome web browsers have been described as ‘shocking'.

Writing on the Infosecurity Adviser blog, Mike Barwise claimed that both web browsers have dangerously weak password management. He said: “The bugs in question are "such basic errors that I'd fail an undergraduate for perpetrating them in coursework”.

Barwise pointed to a recent incident where he was transferred by an e-commerce site to “an unrecognised third party ‘validation site', which required scripting to be enabled and the domain registration of which appeared highly suspect on examination”. When he checked with his bank he was told it was ‘probably' legitimate.

He claimed that there appears to be a complete lack of security awareness among providers and the problem ‘is that the web has become a triumph of instant gratification over common sense - nobody is making the effort to ensure their systems are designed to be secure, they're just pushing them out the door the moment they seem to function'.

He claimed that “the desire to be 'up and running' has completely overridden any caution”, and although the security weaknesses are potentially serious for both the provider and/or the customer, neither would be difficult to address.

Barwise said: “It is shocking that these basic errors were made in the first place. Anyone who masquerades as a web developer was ignorant enough to make these mistakes, that anyone was unobservant enough to let them slip through into a production system defies the imagination.

“I can only conclude that no-one is applying basic engineering principles that no-one is doing any proper testing, and in fact no-one really cares about web security. Until this attitude changes, we are on a slippery slope towards the extinction of e-commerce as we know it, and at this rate I give it a couple more years before it hits the skids.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
andchromecriticisedproblemssafarisecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?