RE: ISSUE-6 / ACTION-239: Mobile/device browsing from Dan Schutzer on 2007-07-20 (public-wsc-wg@w3.org from July 2007)

From: Dan Schutzer <dan.schutzer@fstc.org>
Date: Fri, 20 Jul 2007 12:23:18 -0400
To: "'Luis Barriga $KI/EAB$'" <luis.barriga@ericsson.com>, "'Jan Vidar Krey'" <janv@opera.com>, "'Web Security Context WG'" <public-wsc-wg@w3.org>
Message-ID: <00b001c7caea$48f39730$6500a8c0@dschutzer>

I agree

-----Original Message-----
From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On
Behalf Of Luis Barriga (KI/EAB)
Sent: Friday, July 20, 2007 12:17 PM
To: Jan Vidar Krey; Web Security Context WG
Subject: RE: ISSUE-6 / ACTION-239: Mobile/device browsing

One of real-world problems that I think we need to look more at is
whether mobile browsers are vulnerable to the same (or a subset of the)
attacks targetted to desktop browsers. This would be important to grasp
in order to profile the upcoming WSC recommendations towards mobile
browsers.

I'm not a browser expert to judge on how would a mobile browser be
affected by: (i) a compromised web site with malicious scripts? (ii) a
community site with malicious user-contributed consent (iii) 3rd party
malicious widgets? (iv) iframe:d external malicious advertisement.

Certainly, if such attacks turn to be real vulnerabilities in phones,
then it would be rather easy to exploit them to trick the user in the
same way as Google reports is happening with desktop browsers.

Luis

-----Original Message-----
From: Jan Vidar Krey [mailto:janv@opera.com] 
Sent: den 18 juli 2007 23:39
To: Web Security Context WG
Cc: Luis Barriga (KI/EAB)
Subject: ISSUE-6 / ACTION-239: Mobile/device browsing

Hi all,

ACTION-239 has been lingering for a little too long, but I have finally
found the time to look at it.

In the mean time, Luis has done considerable work on ISSUE-6 which is
related, and I think the wiki page "UI Issues In Mobile Browsing" covers
pretty much what I intended with ACTION-239.

I initially also wanted to tie this up with some real world embedded
browser examples, and not just mobile devices. I have for this reason
created a separate wiki page for this:

http://www.w3.org/2006/WSC/wiki/NoteOperaEmbeddedCurrentPractice

I have also outlined a few specific real-world problems on constrained
devices; What happens when your run out of memory? Is the page still
secure?

Cheers

-janvidar

--
Jan Vidar Krey
Unix Software Developer
Opera Software ASA
tel: +47 24164287 (work) / +47 98607328 (mobile)

Received on Friday, 20 July 2007 16:23:53 UTC