Language Selection

English French German Italian Portuguese Spanish

Web Browser Developers Work Together on Security

Filed under
KDE

Core KDE developer George Staikos recently hosted a meeting of the security developers from the leading web browsers. The aim was to come up with future plans to combat the security risks posed by phishing, ageing encryption ciphers and inconsistent SSL Certificate practise. Read on for George's report of the plans that will become part of KDE 4's Konqueror and future versions of other web browsers.

In the past few years the Internet has seen a rapid growth in phishing attacks. There have been many attempts to mitigate these types of attack, but they rarely get at the root of them problem: fundamental flaws in Internet architecture and browser technology. Throughout this year I had the fortunate opportunity to participate in discussions with members of the Internet Explorer, Mozilla/FireFox, and Opera development teams with the goal of understanding and addressing some of these issues in a co-operative manner.

Our initial and primary focus is, and continues to be, addressing issues in PKI as implemented in our web browsers. This involves finding a way to make the information presented to the user more meaningful, easier to recognise, easier to understand, and perhaps most importantly, finding a way to make a distinction for high-impact sites (banks, payment services, auction sites, etc) while retaining the accessibility of SSL and identity for smaller organisations.

In Toronto on Thursday November 17, on behalf of KDE and sponsored by my company Staikos Computing Services, I hosted a meeting of some of these developers. We shared the work we had done in recent months and discussed our approaches and strengths and weaknesses. It was a great experience, and the response seems to be that we all left feeling confident in our direction moving forward.

Full Story.

More in Tux Machines

Ubuntu 15.10 (Wily Werewolf) to Ship with OpenStack Liberty

Canonical's James Page posted an interesting message on the Ubuntu mailing list, informing all Ubuntu developers about the steps they need to take in order to update the OpenStack cloud software to version 2015.2.0 (Liberty) in Ubuntu 15.10. Read more

Mark Shuttleworth Details Ubuntu 15.10 Highlights [VIDEO]

Ubuntu developers are closing in on the next major release, with the Ubuntu 15.10 Wily Werewolf set to debut on October 22. Ubuntu 15.10 is in many respects an incremental release ahead of the 16.04 Long Term Support release in 2016. Among the key innovations in 15.10 is wider use of the Snappy technology for packaging, though it won't replace the core .deb packaging system anytime soon, if ever. Read more

Improving Security for Bugzilla

Openness, transparency, and security are all central to the Mozilla mission. That’s why we publish security bugs once they’re no longer dangerous, and it’s why we’re writing a blog post about unauthorized access to our infrastructure. We have notified the relevant law enforcement authorities about this incident, and may take additional steps based on the results of any further investigations. Read more

RHEL 7.2 has an updated kernel target

As mentioned in the beta release notes, the kernel in RHEL 7.2 contains a rebased LIO kernel target, to the equivalent of the Linux 4.0.stable series. This is a big update. LIO has improved greatly since 3.10. It has added support for SCSI features that enable VMWare VAAI support, as well as data integrity (DIF), and significant iSER work, for those of you using Infiniband. (SRP is also supported, as well as iSCSI and FCoE, of course.) Read more