-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paulo J. S. Silva wrote on 18/11/09 20:58:
>...
> There is a huge "Won't fix" bug concerning the pop-up/under behavior
> of update manager since 9.04:
>
> https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/332945
>
> Recently one of the people that insist on keeping the bug alive (like
> me) made a dirt-simple mockup of a page that would present itself as
> the update manager and ask for the administration password. See
>
> https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/332945/comments/456
>
> Note that even though this mockup is very crude and can easily be
> recognized due to the outer browser window in the pop-up, it should
> raise some eyebrows. Just imagine a more sophisticated page using
> Flash to draw a windowless fake update-manager window and capture the
> password (can Flash send information to a server?).
As I wrote in <http://launchpad.net/bugs/370248>: "For several years Web
browsers have insisted on showing the address bar, or the status bar, or
both, in any popup window as a way of distinguishing it from native
application windows. Can you provide a demo which avoids this security
measure?"

In both Firefox and Chromium, the demo you have pointed to has not just
the browser's address bar *and* status bar, but also two title bars rather
than one. If you can provide a more convincing demo, please attach it to
the bug report.

> I now truly believe that the behavior of having an administration
> window popping up (or under) without the explicit user request may be
> viewed as a possible security flaw. Naive users, once used to this
> behavior, can start accepting fake windows that appear during browsing.
> It would be much easier to tell the user: never give a password unless
> you started a workflow where you already knew that a password would be
> required. This sounds like common sense. With the new update-manager
> we cannot say that to the users anymore.
>...

As I wrote in <http://launchpad.net/bugs/332945>: "...assuming that people
will see a window that looks like the updates window, and behaves like the
updates window, but be able to tell that it's fake solely because it
opened automatically. I think that's quite unrealistic, because it would
require a much better memory for past actions than people usually have.
For example, if you open Update Manager yourself but get a phone call and
have to switch to another task in a hurry, and don't return to Update
Manager until the next day, you may have no memory of opening it the
previous day.
(Expecting people to then close it and reopen it, *just in case* the
already-open instance was a fake one, would be even less realistic.)"

Cheers
- --
Matthew Paul Thomas
http://mpt.net.nz/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAksmOBYACgkQ6PUxNfU6ecpwjQCcD6J2bd/3ejH+0DjLALUgydZD
uuAAoJn9Qv9OJNKKwosRfZBI9l1bVM3X
=/Eli
-----END PGP SIGNATURE-----
_______________________________________________
Mailing list: https://launchpad.net/~ayatana
Unsubscribe : https://launchpad.net/~ayatana
More help   : https://help.launchpad.net/ListHelp

