RE: New secure browser developed

The "correct URL" display adds some value, but it's fairly minimal as
you say, unless augmented by an identity signal that clearly tells the
user what DNS domain the web server is in.
 
The most important thing U of Illinois did is sandbox plugins so they
can only alter the UI content area (not the chrome) and they must run
outside the browser's kernel and rendering engine processes and don't
interact directly with the OS.  I wish there was more willingness in WSC
to tackle the problem of 3rd party plugins.

  _____  

From: Mary Ellen Zurko/Westford/IBM
[mailto:Mary_Ellen_Zurko@notesdev.ibm.com] 
Sent: Tuesday, April 01, 2008 1:09 PM
To: McCormick, Mike
Cc: public-wsc-wg@w3.org
Subject: Re: New secure browser developed



I find the bit about the address bar intriguing. Though I thought a lot
of phishing attacks did show the "correct" URL (one chosen to look
plausibly like the URL of the site being emulated). 





From: 	<michael.mccormick@wellsfargo.com> 
To: 	<public-wsc-wg@w3.org> 
Cc: 	<Leon.S.Williams@wellsfargo.com> 
Date: 	03/28/2008 07:27 PM 
Subject: 	New secure browser developed

  _____  




http://www.eweek.com/index2.php?option=content&task=view&id=47212&pop=1&
hide_ads=1&page=0&hide_js=1
<http://www.eweek.com/index2.php?option=content&task=view&id=47212&pop=1
&hide_ads=1&page=0&hide_js=1>  

Michael McCormick, CISSP 
Lead Security Architect, Information Security Technologies 
Wells Fargo Bank 
"THESE OPINIONS ARE STRICTLY MY OWN AND NOT NECESSARILY THOSE OF WELLS
FARGO" 
This message may contain confidential and/or privileged information.  If
you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any information herein.  If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message.  Thank you for your cooperation.