[talk] Browser Abuse.

Isaac (.ike) Levy ike at blackskyresearch.net
Tue Oct 11 12:29:45 EDT 2016


Hi Suit,

> On Oct 8, 2016, at 12:14 PM, Sujit K M <kmsujit at gmail.com> wrote:
> 
> Hi All,
> 
> I had a simple question for all, If you look at an web browser what are the
> sort of abuses it still cannot handle.
> 
> For one, I find Ajax has a lot of security concerns regarding the pace at which
> it does transactions. Any Ideas?
> 
> Regards,
> Sujit K M


Sorry there was no good response here on this, but I think browser abuses are something which folks around NYC*BUG aren’t too engaged in tracking- it’s been a disaster since JS et. al. were invented…  I mean, who thought that running arbitrary code from an untrusted source on the internet, from simply navigating to some site, was ever a good idea?  :)

With that, there are many OS facilities which attempt restricting/sandboxing running processes- with more and less fuss.  (FreeBSD has facilities like jail(2) and capsicum(4), OpenBSD has pledge(2), etc…)

Is there a specific applied security case you are trying to handle?

Best,
.ike





More information about the talk mailing list