Hans-Christoph Steiner wrote:
>
> Nathan of Guardian wrote:
>>
>> On Fri, Sep 19, 2014, at 12:16 PM, Hans-Christoph Steiner wrote:
>>> Yet another stark reminder that the web only really works with public
>>> information. Running applications on the web is really just a terrible
>>> idea from a security and privacy point of view.
>>
>> Well, that cuts off about 99% of the usefulness of it!
>>
>> Though now that Chrome can run Android apps, maybe we are moving back
>> into native/compiled/purpose-built binaries!
>
> Native apps can do networked stuff just fine, there is no need to use such a
> horribly insecure platform. Look at all the networked mobile apps, e.g.
> Facebook, etc.
>
> The companies that are pushing everyone to webapps are generally based on data
> mining business models (Google, Facebook, Yahoo, etc), so webapps are not
> designed with the user's security in mind. Here's more fun news on the topic:
> jquery.com got pwned and was serving malware:
> http://www.net-security.org/malware_news.php?id=2869
>
> Web apps are structured around letting any random website execute code on
> your machine, and they can even include random code from any other website and
> transparently execute that on your machine.
>
> It is not surprising that Finspy, NSA, etc. all focus on using websites to pwn
> computers.

The fun doesn't stop at jquery.com! Doubleclick's ad servers were also pwned to serve malware:
http://it-beta.slashdot.org/story/14/09/19/2232241/googles-doubleclick-ad-servers-exposed-millions-of-computers-to-malware

Everyone got a good ad blocker installed? Also, it is probably time for turning JavaScript off by default on your browser, and just whitelisting it when it's required.

.hc

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
