W3C home > Mailing lists > Public > public-usable-authentication@w3.org > June 2006

Re: Secure Chrome

From: Amir Herzberg <herzbea@macs.biu.ac.il>
Date: Tue, 13 Jun 2006 08:26:29 +0300
Message-ID: <448E4C85.20006@cs.biu.ac.il>
To: Chris Drake <christopher@pobox.com>
CC: public-usable-authentication@w3.org

Chris Drake wrote:
> Hi Amir,
>
> Either you didn't look at googles demo, or you just got tricked by
> that spoof web site?
> http://guardpuppy.com/BrowserChromeIsDead.gif
>
> There is no browser window or popup of any kind shown in the above
> picture.  It's a <DIV>.  It could just as easily be an <IMG> with a
> <form> overlaying it via CSS.
>   
Chris, this was very clear to me - in fact, the foils I've presented at 
the NYC meeting include this attack...

OTOH, you may be right, there may already be enough tricks to do 
persistent user identification, and that may be a good technique. Can 
you provide a bit more detail or reference to what may be good 
persistent identifiers?

Best, Amir Herzberg
Received on Tuesday, 13 June 2006 05:27:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:53:15 UTC