Put the knife down and take a green herb, dude.
One feller's views on the state of everyday computer science & its application (and now, OTHER STUFF) who isn't rich enough to shell out for www.myfreakinfirst-andlast-name.com
Using 89% of the same design the blog had in 2001.
FOR ENTERTAINMENT PURPOSES ONLY!!!
Back-up your data and, when you bike, always wear white.
MarkUpDown is the best Markdown editor for professionals on Windows 10.
It includes two-pane live preview, in-app uploads to imgur for image hosting, and MultiMarkdown table support.
Features you won't find anywhere else include...
You've wasted more than $15 of your time looking for a great Markdown editor.
Stop looking. MarkUpDown is the app you're looking for.
|Wednesday, August 07, 2013|
Google under fire for Chrome browser's password storage policy:
Responding to the controversy, the tech lead for Chrome's browser security team said that they had found that "boundaries within the OS user account [to protect passwords even when a user is logged in] just aren't reliable, and are mostly just theater."
This mostly suggests that the tech lead for Chrome hasn't read Joel Spolsky's Let Me Go Back! strategy letter nor ever heard the saying, "A lock keeps an honest man honest."
"But wait! Joel's not talking about security, you fool! He's talking about how Excel ate Lotus 123's lunch!" you say.
That's right, but he's also talking about barriers to entry.
On this reread, "calculus" seems a bit strong, doesn't it?
But this works with folks trying to read your passwords too. How many little sisters (or slightly seedy buddies) might have access to your browser? Um, lots. Better yet, how many high-end art thieves contribute to Dollar General's shrinkige issue? That'd be essentially none. Completely different "markets" for different sorts of exploits.
More clearly: Folks that install apps on your computer to phone home to some nefarious server in Elbownia do not read your passwords from your settings page. They do whatever they want. Folks that visit your house might.
Reportedly again from the Chrome tech lead:
Consider the case of someone malicious getting access to your account. Said bad guy can dump all your session cookies, grab your history, install malicious extension to intercept all your browsing activity, or install OS user account level monitoring software.
... the conclusion we always come to is that we don't want to provide users with a false sense of security, and encourage risky behavior.
Right, because most passwords stolen from the settings page is from "someone malicious getting access to your account." Your little sister is going to "dump your session" and "install malicious extension [sic] to intercept all your browsing activity" or, get this, "install OS user account level monitoring software." How many times have you seen someone doing this, ever? How many people do you know who could do this? The "market" described above is not the one that needs a master password.
Get out of the ivory tower and back into your living room, Chrome, because that's where your users live.
I'll posit that adding a barrier to entry probably does cut the number of passwords stolen in half. I'd like to see Google's study, not their tech lead's off-the-cuff impressions, suggesting otherwise.
posted by ruffin at 8/07/2013 02:14:00 PM
All posts can be accessed here:
Just the last year o' posts: