By: Dan Guido

Dan Guido — Tue, 29 Apr 2008 04:36:10 +0000

It doesn’t make sense for a malicious user to voluntarily use an SSB, as it offers restricted functionality when compared to a normal web browser or an HTTP proxy. They have nothing to gain and it opens no additional attack vectors.

SSBs are for preventing naive users from shooting themselves in the foot. Unless the organization sponsoring their use takes it a few steps further, into a NAC-like realm, are they doing anything to secure the server-side of the transaction.

By: Kurt

Kurt — Tue, 29 Apr 2008 04:27:55 +0000

Dan,

I think that the assumptions should be stated. If my understanding is correct, you are assuming that the user is naive but not hostile, the client computer is not owned, and the browser works correctly. Are there other assumptions involved in the SSB idea? -kurt

Comments on: Update to Single-Site-Browsers (SSBs)

By: Dan Guido

By: Kurt