[kwlug-disc] DuckDuckGo.com -- an alternate search engine
eric+kwlug at gerlach.ca
Wed Jul 28 10:05:20 EDT 2010
Excerpts from Ralph Janke's message of Tue Jul 27 12:32:51 -0400 2010:
> client instead of the server. This allows a smoother user experience
> (i.e. not every user interaction requires a new page being rendered). Do
> you need this for every application - no. However, it can increase the
> usability, to allow i.e. auto-completion of your input.
I've been thinking about this since our discussion last night, Ralph,
involve your machine being taken over, but are still problematic.
Attack #1: Using existing logins
- You're logged into a site you care about (let's say your bank, or
to find recently visited sites that it knows about
- Code navigates your browser to that site (in an invisible iframe) to
see if you're logged in.
- If you are, it starts GETting and POSTing things to do its nefarious
Attack #2: Clickjacking
Attack #3: Tabnapping
So whereas in our conversation, you're mostly right, you're not likely
arguably just as bad.