CFA/Security-Research: Difference between revisions

From MozillaWiki
< CFA
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 5: Line 5:
== General Browser Capabilities ==
== General Browser Capabilities ==


* [[CFA/Security-Research/AntiPhishing|Anti-Phishing]]
* [[CFA/Security-Research/MalwareDetection|Malware Detection]]
* [[CFA/Security-Research/MalwareDetection|Malware Detection]]
* [[CFA/Security-Research/AntiPhishing|Anti-Phishing]]
* [[CFA/Security-Research/Passwords|Passwords]]  
* [[CFA/Security-Research/ContentEnabling|Content Enabling]]
* [[CFA/Security-Research/ContentEnabling|Content Enabling]]
* [[CFA/Security-Research/Cookies|Cookies]]  
* [[CFA/Security-Research/Cookies|Cookies]]  
* [[CFA/Security-Research/Passwords|Passwords]]
* [[CFA/Security-Research/WarningMessages|Warning Messages]]
* [[CFA/Security-Research/WarningMessages|Warning Messages]]
* [[CFA/Security-Research/Encryption|Encryption (Protocols and Certificates)]]  
* [[CFA/Security-Research/Encryption|Encryption (Protocols and Certificates)]]  
Line 49: Line 49:
* [https://addons.mozilla.org/en-US/firefox/addon/1033 PwdHash]- automatically generates per-site passwords, and the same password for each subdomain; prevents JavaScript from reading your password as it is typed
* [https://addons.mozilla.org/en-US/firefox/addon/1033 PwdHash]- automatically generates per-site passwords, and the same password for each subdomain; prevents JavaScript from reading your password as it is typed
* [https://addons.mozilla.org/en-US/firefox/addon/957 Petname Tool]
* [https://addons.mozilla.org/en-US/firefox/addon/957 Petname Tool]
* [http://safecache.com/ SafeCache]
* [http://www.safehistory.com/ SafeHistory]
* [https://addons.mozilla.org/en-US/firefox/addon/315 View Cookies]


=== Internet Explorer ===
=== Internet Explorer ===
Line 62: Line 65:


== Meeting Takeaways ==
== Meeting Takeaways ==
* Malware Prevention
** Haute Secure provides good information and a good user experience
*** Blocks pages that are malicious
*** Blocks specific malicious content on non-malicious pages, and issues a non-obtrusive warning
*** Work with Haute Secure on Firefox extension (currently only for IE)
** StopBadware.org
*** Doesn't help character encoding and flash cases
*** Requested numbers on the effectiveness of StopBadware.org
* Anti-Phishing
** Default URI blacklist is over 70% effective
** Checking vs. google online yields only slightly better results
* Passwords
** Use SRP (Secure Remote Password) protocol to integrate secure password authentication into applications
** Improve password security by moving away from web-forms
*** Sxipper creates strong passwords when registering and encrypts stored data
*** Sxipper also saves users time with seamless integration and single click logins

Latest revision as of 17:59, 10 August 2007

« Comparative Feature Analyses
« Security Notes

General Browser Capabilities

Purpose

Examine a bunch of browsers, existing Firefox Add-ons, and web services to generate a report that describes:

  • Which capabilities each has
  • A summary of where each is different/unique
  • Some conclusions about which aspects seem most innovative and interesting that we might want to consider for Firefox

Browsers to investigate

  • Firefox 2
  • Camino
  • Flock
  • iCab
  • IE 7
  • Maxthon
  • Netscape
  • OmniWeb
  • Opera
  • Safari
  • SeaMonkey
  • Shiira

Add-ons to investigate

Firefox

Internet Explorer

  • Online Protection
    • SpyWall Anti-Spyware - IE sandbox blocks attacks encountered while browsing the web; detects and removes spyware (not free)
    • 1-Click SignupShield Suite - enhanced password manager; protects against phishing fraud and automatically fills out forms; generates unlimited number of unique passwords and disposable Email addresses for signing up to Web sites. It fills sign-up forms and encrypts passwords and Email addresses for later use during sign-in. When you need to sign-in to a Web site, SignupShield automatically retrieves the correct e-mail address and password and fills in the sign-in form for you (not free)
    • McAfee SiteAdvisor for IE - protects from spyware, adware, spam, viruses, browser exploits, and online scams. SiteAdvisor has safety ratings.
    • Password Scrambler - automatically present unique passwords to the sites you visit, generated from a unique master password you choose. It achieves this by uniquely scrambling your password for every site you visit, so every site gets a unique, secure and hard-to-guess password, while you only remember one.
  • Parental Controls
  • Pop-up Blockers
  • Privacy

Meeting Takeaways

  • Malware Prevention
    • Haute Secure provides good information and a good user experience
      • Blocks pages that are malicious
      • Blocks specific malicious content on non-malicious pages, and issues a non-obtrusive warning
      • Work with Haute Secure on Firefox extension (currently only for IE)
    • StopBadware.org
      • Doesn't help character encoding and flash cases
      • Requested numbers on the effectiveness of StopBadware.org
  • Anti-Phishing
    • Default URI blacklist is over 70% effective
    • Checking vs. google online yields only slightly better results
  • Passwords
    • Use SRP (Secure Remote Password) protocol to integrate secure password authentication into applications
    • Improve password security by moving away from web-forms
      • Sxipper creates strong passwords when registering and encrypts stored data
      • Sxipper also saves users time with seamless integration and single click logins
Retrieved from "https://wiki.mozilla.org/index.php?title=CFA/Security-Research&oldid=65177"