[GTALUG] Firefox is a pig
Walter Dnes
waltdnes at waltdnes.org
Mon Nov 17 21:46:48 UTC 2014
On Mon, Nov 17, 2014 at 01:33:30PM -0500, D. Hugh Redelmeier wrote
> | From: Walter Dnes <waltdnes at waltdnes.org>
>
> (Nice hack to run multiple browser instances.)
>
> | * As others have pointed out, the Java plugin is a major security hole,
> | a cross-platform equivalent of Active-X. Remove, or disable the
> | plugin.
>
> No, it isn't like Active-X. Totally different security model.
>
> Active-X: total trust in signed plug-ins
>
> Java: sandbox the application so that it isn't able to do unauthorized
> things. Unfortunately, the attack surface is large enough that there
> were likely and have been implementation failures.
I understand the differences "under the hood", but conceptually, at an
abstract level, it's the same. A diesel-engined car has a different
power source than a gasoline-engined car or an electric car. But in the
end, they accomplish the same task, i.e. moving a few people and some
groceries around. And they're all capable of getting into accidents.

Same thing with Java and Active-X: they involve downloading code from
a webpage and executing it on your machine. And they're all capable of
security breaches. Yes, they're different "under the hood", but the
results are often the same.
--
Walter Dnes <waltdnes at waltdnes.org>