In this lecture, Douglas Crockford talks about some of the security threats that we face today on the web. Many of the problems, says Crockford, come from the amount of diversity on the web. Mashups (the combining of programs with different interests), too many languages, each with its own encoding and commenting conventions, and the nesting of these languages inside one another are just a few of the complications that a browser will encounter on a typical day. Because of this, the browser must do heroic things in order to decipher many web pages, which then gives attackers easier access to sensitive data.
Crockford covers much more in this lecture, such as what an attacker can access on the web and how advertisers can compromise security. My full notes can be found here.