drclue wrote:
Richard Cornford wrote:
>drclue wrote:
>>Richard Cornford wrote:
Web site security is largely a matter of exercising and keeping
control where you have control, on your own servers. Letting a
third party inject scripts on the client is sufficiently risky to
make loud assertions of honesty, responsibility and safety
made by the providers of those scripts insufficient justification
for using them.
So let's all ditch our on-line banking , throw out the googlemaps,
turn off our javascript and join our friends huddled in an
undisclosed location, crying loudly about weapons of mass
destruction . :)
Why? Serving scripts from our own servers (and so being certain of
what will be in them) is hardly arduous.
It certainly would appear an arduous attitude
to jump out the box painting our efforts with such
a broad brush.
All I did was point out that in the hands of the unscrupulous a system
that asks sites to include client-side scripts originating on a remote
server could be used to inject arbitrary malicious scripts in a way that
was very difficult to observe, but may be seriously damaging for the
reputation of the web site's owners and the financial well being and
privacy of their users. That is just a fact, what can be done with
scripts injected on the client is anything that can be done by any
script on the page.
All the scripts in LAMPjack are delivered from our
LAMPjack servers which makes a certified LAMPjack
about as dangerous as a Googlemap.
Two things speak for the safety of google maps: 1. Google's reputation
(which you would hope they would not want to endanger), and 2. The
technical competence of google's developers. Given that google has a
long history of tolerating script injection the later is not much of a
reassurance, though as google will not be using Googlemaps to inject
malicious scripts (to preserve their reputation) no injections will be
possible until they start including advertising (and their developers do
appear to finally getting to grips with their script insertion
problems).
In order to even develop, submit or use a LAMPjack
script, one has to have a verified account and the
appropriate site and session keys.
Aren't the people who would be developing the scripts for your system
the ones creating the lures that will encourage the people who have web
sites to use the system? There is little significance in these two
groups having "verified accounts".
The target page would also have to cooperate
Yes, you cannot force alien client side scripts into a page, it has to
invite them in (a bit like vampires).
<snip>
Any potential Ads would be injected in a fashion
that precludes cross domain scripting into the
LAMPjack/Subscriber context,
Details?
as I agree that totally third party content needs
to be caged.
But you promise everyone that your position as a third party would never
be abused?
Those third parties could also use LAMPjack, but only
from their own context, so those ads would only pose
the same threat as every other ad we see on the internet.
As to monitoring activities , even *YOUR* site
logs every request, right down to my IP address,
And if I included a script that did it I could monitor every key stroke
the user made and broadcast it back to my server, speculatively test for
the ability to install software (and install things (read spyware) on
the client if the ability was exposed) and so on. Of course I have no
reason for monitoring password and reading credit card numbers as they,
if entered, are going to be sent to me anyway, but if a third party
could upload those scripts to sites I am responsible for then they may
see considerable value in what they could achieve.
so in order to avoid log files we all need to give
up using the internet at all and/or hunker down in
the dark nets and pay for fear by the month, which
still does not really protect anyone, but it sells.
That is a "slippery slope" argument that doesn't quite work.
<snip>
Would a system not using LAMPjack be 100%
secure? No. The only system that comes close
is one that's left in it's shipping carton and
never plugged in.
Are you saying that if you cannot be 100% secure you may as well be wide
open to anything?
The only system that comes close is one that's left in it's
shipping carton and never plugged in.
Even banks get hacked on an all to frequent basis,
so the idea is to make the security stiff enough
to exceed the value of the prize.
With a simple vise , a file , and a key, one can make
a master key for all locks of that type ...
<snip>
That is not at all true. A lock as simple as the Yale lock, for example,
has no master key at all, so no such object could be created.
My belief is that cross-domain scripting can in
conjunction with server side tools provide a reasonably
safe context in which to conduct it's activities.
Don't be ridicules. Your system is absolutely reliant on the owners of
web sites being willing in include scripts in their pages soured from a
third party server. At that moment client side security is already out
of the window. The only safety these web sites will have come from
exactly the same sources as Googlemap's; Your technical competence (and
you already know what I think of that), and your reputation (which is
not something I would hang a web site upon).
The problem here is that if your intentions were to exploit the gullible
and leach information form the user's of their web sties for your own
financial gain how would what you would then post in order to lure
people into using the system differ from what you have posted here?
Richard.