Re: App Tabs in Firefox 4
Sid Stamm wrote on 6/25/2010 12:17 PM:
> Once it is an app tab, any links directing the user off the site will open in a new standard tab, so that the user won't be switching top-level document domains in the app tab.

A couple of years back, I had a similar idea I called pinned tabs [1], but the focus was exploring ways to passively log out the user.

With App Tabs, do the tabs ever get closed? And if not, what effect will that have on sites that use a tickler to determine if the user is still on the site? I'm wondering if for some sites, the user will never be logged out.

- Bil

[1] (read the last line) https://lists.owasp.org/pipermail/owasp-intrinsic-security/2008-November/72.html

___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
Re: App Tabs in Firefox 4
This strangeness occurred to me too. The assumption indeed is that the user expresses trust in sites converted to app tabs; he will check his location and the security UI before converting the tab to an app tab. Once it is an app tab, any links directing the user off the site will open in a new standard tab, so that the user won't be switching top-level document domains in the app tab.

There are two other things to consider. There must be a way to get at the security/SSL UI; this will be available when the user clicks the app tab's icon. Also, certificate errors should be obvious; the usual security warnings will show up if there are cert errors.

We've briefly discussed downgrading the app tab to a regular tab if the certificate's security properties change (e.g., EV->DV, or a new cert shows up, etc.). We also briefly discussed what would cause the tab downgrade to happen (e.g., should we downgrade when the cert changes even if it's valid? This would hose CDNs).

Cheers,
Sid

On 6/24/10 11:18 PM, Devdatta Akhawe wrote:
> Hi
>
> I was looking at http://blog.mozilla.com/faaborg/2010/06/24/why-tabs-are-on-top-in-firefox-4/ and noticed the app tabs feature being talked about. I am concerned about the security implications of app tabs. I can't seem to notice any trusted indicator of my current location while in an app tab (slide over to 2:30 in the video). It seems like this would make app tabs ripe for phishing attacks.
>
> Is the assumption that the user will always first check his location and only then convert to app tabs? What exactly is the model here?
>
> thanks
> devdatta
Re: App Tabs in Firefox 4
It seems like a phishing attack would occur if a user clicks on a link and doesn't notice the absence of a new standard tab opening. E.g., I have a link to Bank of America but it's really still in the same site; the user can't see in the indicator bar that it's not bankofamerica.com, because there is no indicator bar.

On Fri, Jun 25, 2010 at 12:17 PM, Sid Stamm <s...@mozilla.com> wrote:
> This strangeness occurred to me too. The assumption indeed is that the user expresses trust in sites converted to app tabs; he will check his location and the security UI before converting the tab to an app tab. Once it is an app tab, any links directing the user off the site will open in a new standard tab, so that the user won't be switching top-level document domains in the app tab.
>
> There are two other things to consider. There must be a way to get at the security/SSL UI; this will be available when the user clicks the app tab's icon. Also, certificate errors should be obvious; the usual security warnings will show up if there are cert errors.
>
> We've briefly discussed downgrading the app tab to a regular tab if the certificate's security properties change (e.g., EV->DV, or a new cert shows up, etc.). We also briefly discussed what would cause the tab downgrade to happen (e.g., should we downgrade when the cert changes even if it's valid? This would hose CDNs).
>
> Cheers,
> Sid
Re: App Tabs in Firefox 4
On 25 June 2010 12:17, Sid Stamm <s...@mozilla.com> wrote:
> The assumption indeed is that the user expresses trust in sites converted to app tabs; he will check his location and the security UI before converting the tab to an app tab.

I am not sure how the app tab UI will work, but if it's going to be as simple as 'right click -> make app tab' then I don't think this assumption is warranted. If there is a pop-up from the browser 'blahblah.com wants to be an app? Do you trust it?' then maybe I can buy that assumption.

> We've briefly discussed downgrading the app tab to a regular tab if the certificate's security properties change (e.g., EV->DV, or a new cert shows up, etc.). We also briefly discussed what would cause the tab downgrade to happen (e.g., should we downgrade when the cert changes even if it's valid? This would hose CDNs).

I am not sure if a downgrade would be noticed. Wouldn't a notification ('something bad happened') be better? IMHO, if the cert changes from EV->DV we should downgrade, but a DV->DV or EV->EV change might not matter much.

thanks
devdatta
Re: App Tabs in Firefox 4
> It seems like a phishing attack would occur if a user clicks on a link and doesn't notice the absence of a new standard tab opening. E.g., I have a link to Bank of America but it's really still in the same site; the user can't see in the indicator bar that it's not bankofamerica.com, because there is no indicator bar.

I was thinking more along the lines of a site changing its favicon and appearance while the user is somewhere else (like tab napping [1]) and the user comes back to get phished. This wouldn't require the user to notice the absence of a new tab, but of course the phished app has to be an app that he commonly keeps open; for me in particular I imagine Gmail would work.

Seems that the general assumption that Mozilla is making is that all the tabs that the user makes apps are trusted and won't be so rude as to do such not nice things.

cheers
devdatta

[1] http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/ - Open the page, browse somewhere else for a few moments; note how the favicon changes and how the appearance changes.
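The tab-napping scenario in the message above (a long-lived tab that rewrites its title, favicon and forms while the user is on another tab) can be checked for directly. The following is an added example, not code from this thread or from Firefox/Mozilla: it snapshots the identity-bearing state of a page when the tab goes hidden and reports what changed when it is shown again, treating a form that now submits to an origin that was not present before as the phishing-relevant signal. The document records, the example.com/example.net names and the browser wiring at the end (visibilitychange, `<link rel="icon">`, `document.forms`) are assumptions; the comparison logic runs stand-alone on the constructed sample in `runDemo()`.

```javascript
// Added example, not code from this thread or from Firefox/Mozilla: a monitor
// that records a tab's identity-bearing state when it goes hidden and reports
// what changed when it becomes visible again. Document objects are plain
// records here so the logic runs stand-alone; the browser wiring at the bottom
// is an assumption about how one would attach it to a real page.

// Resolve a form action (possibly relative) to an origin against the page's base URL.
function toOrigin(action, baseURL) {
  return new URL(action || '', baseURL).origin;
}

// What a user relies on to recognise the tab: title, favicon, and where forms submit.
function snapshot(doc) {
  const origins = doc.formActions.map(a => toOrigin(a, doc.baseURL));
  return {
    title: doc.title,
    favicon: doc.favicon,
    formOrigins: Array.from(new Set(origins)).sort(),
  };
}

// Compare the snapshot taken on hide with the one taken on show.
// A form that now submits to an origin that was not present before is the
// signal that matters for phishing: submitted credentials would leave the site.
function diffSnapshots(before, after) {
  const changes = [];
  if (before.title !== after.title) {
    changes.push({ what: 'title', from: before.title, to: after.title });
  }
  if (before.favicon !== after.favicon) {
    changes.push({ what: 'favicon', from: before.favicon, to: after.favicon });
  }
  const added = after.formOrigins.filter(o => !before.formOrigins.includes(o));
  if (added.length > 0) {
    changes.push({ what: 'new-form-origins', to: added });
  }
  return changes;
}

class TabIdentityMonitor {
  constructor() {
    this.before = null;
    this.hiddenAt = null;
  }
  // Called when the tab stops being the visible one.
  onHidden(doc, nowMs) {
    this.before = snapshot(doc);
    this.hiddenAt = nowMs;
  }
  // Called when the tab is shown again; returns what changed while hidden.
  onVisible(doc, nowMs) {
    if (this.before === null) return { changes: [], hiddenMs: 0 };
    const result = {
      changes: diffSnapshots(this.before, snapshot(doc)),
      hiddenMs: nowMs - this.hiddenAt,
    };
    this.before = null;
    this.hiddenAt = null;
    return result;
  }
}

// Constructed sample (hypothetical hosts): a webmail app tab that is rewritten
// to look like a bank login while the user is on another tab.
function runDemo() {
  const monitor = new TabIdentityMonitor();
  const genuine = {
    baseURL: 'https://mail.example.com/inbox',
    title: 'Inbox (3) - mail.example.com',
    favicon: 'https://mail.example.com/favicon.ico',
    formActions: ['/search', 'https://mail.example.com/compose'],
  };
  monitor.onHidden(genuine, 1000);
  const nabbed = {
    baseURL: 'https://mail.example.com/inbox', // same document, no navigation happened
    title: 'Sign in to Online Banking',
    favicon: 'https://login.example.net/bank.ico',
    formActions: ['/search', 'https://login.example.net/session'],
  };
  return monitor.onVisible(nabbed, 61000);
}

// Browser wiring (assumed): attach to the real document when one exists.
if (typeof document !== 'undefined') {
  const monitor = new TabIdentityMonitor();
  const readDoc = () => ({
    baseURL: document.baseURI,
    title: document.title,
    favicon: (document.querySelector('link[rel~="icon"]') || {}).href || '',
    formActions: Array.from(document.forms).map(f => f.getAttribute('action') || ''),
  });
  document.addEventListener('visibilitychange', () => {
    if (document.visibilityState === 'hidden') {
      monitor.onHidden(readDoc(), Date.now());
    } else {
      const r = monitor.onVisible(readDoc(), Date.now());
      if (r.changes.length > 0) console.warn('Tab changed identity while hidden:', r);
    }
  });
}
```

On the constructed sample, `runDemo()` reports three changes (title, favicon, and a new form origin `https://login.example.net`) after 60 s hidden; an unchanged page reports none. The base URL is carried in the snapshot rather than derived from the favicon or title so that a relative `action="/login"` is resolved against the page's own origin, which is what a rewritten-in-place document still has.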