Comments on: Single Site Browsers http://isisblogs.poly.edu/2008/03/13/single-site-browsers/ Information Systems and Internet Security Thu, 24 Jul 2008 01:27:17 +0000 http://wordpress.org/?v=2.6 By: Brad Schonhorst http://isisblogs.poly.edu/2008/03/13/single-site-browsers/#comment-268 Brad Schonhorst Thu, 13 Mar 2008 18:53:09 +0000 http://isisblogs.poly.edu/2008/03/13/single-site-browsers/#comment-268 Agreed, it is just a crutch but so are spam filters and firewalls. I think we will see lots of these being used to give the impression of security. Wouldn't the average person feel better about logging into their bank account to pay bills from a stand alone app? The recent Cross-site Request Forgery exploit in gmail comes to mind. I wouldn't be surprised to see this type of thing being marketed as a fix for that type of attack. Additionally, an easy method of creating your own would be great for internal websites that are not linking to other pages. This could provide a good solution for a public kiosk setting. For example, the school I work at wants to have 2 computers out that only go to our internal library database but don't want the system to be used for other internet activities. Agreed, it is just a crutch but so are spam filters and firewalls. I think we will see lots of these being used to give the impression of security. Wouldn’t the average person feel better about logging into their bank account to pay bills from a stand alone app?

The recent Cross-site Request Forgery exploit in gmail comes to mind. I wouldn’t be surprised to see this type of thing being marketed as a fix for that type of attack.

Additionally, an easy method of creating your own would be great for internal websites that are not linking to other pages. This could provide a good solution for a public kiosk setting. For example, the school I work at wants to have 2 computers out that only go to our internal library database but don’t want the system to be used for other internet activities.

]]> By: ThoufiQ http://isisblogs.poly.edu/2008/03/13/single-site-browsers/#comment-265 ThoufiQ Thu, 13 Mar 2008 18:45:07 +0000 http://isisblogs.poly.edu/2008/03/13/single-site-browsers/#comment-265 Sound like something iTunes currently has. It integrates a ssb for itunes store.. There may always be a possibility of running unsafe activex code or java script on the single site from a compromised website. Maybe something like the "random js toolkit" attack recently. These kind of attacks would defeat the pupose of ssb. I am assuming an external link in a site would trigger a new ssb browser. In this scenario wont you completely lose UI ? The interface is going to end up with too many windows scattered around. Sound like something iTunes currently has. It integrates a ssb for itunes store..
There may always be a possibility of running unsafe activex code or java script on the single site from a compromised website. Maybe something like the “random js toolkit” attack recently. These kind of attacks would defeat the pupose of ssb.

I am assuming an external link in a site would trigger a new ssb browser. In this scenario wont you completely lose UI ? The interface is going to end up with too many windows scattered around.

]]>