
Re: Browser Sandbox Security by internal attack

From: Mountie Lee <mountie.lee@mw2.or.kr>
Date: Mon, 14 Jan 2013 11:19:28 +0900
Message-ID: <CAE-+aYL7C1TV2mYJnihSkGqh-RFHF=Nh2J3uyuug-52Dw-og0w@mail.gmail.com>
To: Fred Andrews <fredandw@live.com>
Cc: Web Application Security Working Group <public-webappsec@w3.org>

Hi.
Thanks for the reply.

Theoretically you are correct.

But many actual threats come from internal sources.

Do we need to touch on protecting the sandbox from internal attack?
Is it out of scope of the WebAppSec WG?


On Sat, Jan 12, 2013 at 6:34 AM, Fred Andrews <fredandw@live.com> wrote:

>
> Hi Mountie,
>
> The web browser does not consider the OS a threat.  The OS is privileged.
>
> cheers
> Fred
>
> ------------------------------
> From: mountie.lee@mw2.or.kr
> Date: Fri, 11 Jan 2013 19:04:55 +0900
> To: public-webappsec@w3.org
> Subject: Browser Sandbox Security by internal attack
>
>
> Hi.
>
> The current CSP's aim is protecting the browser sandbox from external attack.
>
> How strong is the browser sandbox against internal attack (from the OS)?
>
> My question is based on the fact that the user environment can be easily compromised.
>
> regards
> mountie.
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
>
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
>
>


-- 
Mountie Lee

PayGate
CTO, CISSP
Tel : +82 2 2140 2700
E-Mail : mountie@paygate.net

=======================================
PayGate Inc.
THE STANDARD FOR ONLINE PAYMENT
for Korea, Japan, China, and the World
Received on Monday, 14 January 2013 03:15:47 GMT
