W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

Re: Authentium

From: Thomas Roessler <tlr@w3.org>
Date: Mon, 30 Jul 2007 13:57:25 -0400
To: michael.mccormick@wellsfargo.com
Cc: public-wsc-wg@w3.org
Message-ID: <20070730175725.GT2974@raktajino.does-not-exist.org>

(Cutting the CC list down)

On 2007-07-30 11:16:15 -0500, michael.mccormick@wellsfargo.com wrote:

> There are emerging vendors who offer a hardened web browser that
> only allows the user to access certain pre-vetted web sites.  The
> one I saw demo'd today is based on the Mozilla code base.  The UI
> looks like a stripped-down Firefox.  While it's running all other
> Windows programs (inc. any key loggers or other malware) are more
> or less suspended.  Only SSL communication is allowed.  The
> browser also uses a private DNS server to avoid DNS poisoning and
> a signed URL list to avoid bookmark poisoning.

I wonder how scalable this actually is, and how much it'll be used.
I've seen similar approaches demonstrated where the banking platform
was launched from a read-only Linux distribution (on CD), to defend
against any possible malware infestation.

Regards,
-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Monday, 30 July 2007 17:57:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:50 GMT