The recent security problems on the Apple Safari and Google Chrome web browsers have been described as ‘shocking’.
Writing on the Infosecurity Adviser blog, Mike Barwise claimed that both web browsers have dangerously weak password management. He said the bugs in question are “such basic errors that I'd fail an undergraduate for perpetrating them in coursework”.
Barwise pointed to a recent incident where he was transferred by an e-commerce site to “an unrecognised third party ‘validation site’, which required scripting to be enabled and the domain registration of which appeared highly suspect on examination”. When he checked with his bank he was told it was ‘probably’ legitimate.
He claimed that there appears to be a complete lack of security awareness among providers and the problem ‘is that the web has become a triumph of instant gratification over common sense - nobody is making the effort to ensure their systems are designed to be secure, they're just pushing them out the door the moment they seem to function’.
He claimed that “the desire to be 'up and running' has completely overridden any caution”, and although the security weaknesses are potentially serious for both the provider and/or the customer, neither would be difficult to address.
Barwise said: “It is shocking that these basic errors were made in the first place. That anyone who masquerades as a web developer was ignorant enough to make these mistakes, that anyone was unobservant enough to let them slip through into a production system, defies the imagination.
“I can only conclude that no-one is applying basic engineering principles, that no-one is doing any proper testing, and in fact no-one really cares about web security. Until this attitude changes, we are on a slippery slope towards the extinction of e-commerce as we know it, and at this rate I give it a couple more years before it hits the skids.”
See original article on scmagazineus.com
Safari and Chrome security problems criticised
By Dan Raywood on Dec 19, 2008 10:09AM