Staying Safe on the Web
Yesterday, Today and Tomorrow

Sid Stamm
<sid@mozilla.com>
YESTERDAY
June 5, 2002!
 :-(
Bugs.
CSS HISTORY SNIFFING
JSFunFuzz
http://www.squarefree.com/2007/08/02/introducing-jsfunfuzz/
1024 bugs since 21-August 2006
118 security critical
Oh dear...
( Brendan Eich )
( Invented JavaScript )
Image Credit: Randal Alan Smith / http://valleywag.gawker.com
EYEBALLS
TODAY
November 9, 2004!
BUG BOUNTIES
FUZZING
Browser as Protector
Safe Platform
Safe Browsing (Google)
AddOns
Out-Of-Process Plugins
SECURITY FEATURES
CSS HISTORY SNIFFING
BETTER
TRUST
PRIVACY
TOMORROW
FirefOS ®

 ( Okay, not really )
Canvas
CSS3 Transformations
Direct2D
Drag & Drop
FileAPI
Geolocation
HTML5 Forms
MathML
Open Video/WebM
SVG
WebGL
WebSockets
Web Storage (SQL)
Web Workers
[Chart: Percent of Your Computer’s Abilities used by Web Sites. Vertical axis 0% to 100%, horizontal axis 2004 to 2012. Labels on the plot: eBay, YouTube, Google Docs, Nintendo Emulator.]
AddOns
[Diagram labels: My Add-On, JavaScript, Jetpack API (modules), Jetpack Backend (XPCOM)]

Capabilities:
1. http://foo.com
2. graphics
3. menus
MULTI-PROCESS ARCHITECTURE
ACCOUNT MANAGER (concept)
BETTERER
 TRUST
PRIVACY
OPEN QUESTIONS
PRIVACY?
ANONYMITY?
BETTEREST
  TRUST?
            ?
SOCIO-TECHNICAL SECURITY?
    Sid Stamm
<sid@mozilla.com>

Posted: 10/21/2011 (52 pages)