Browser developers fight phishers
Wednesday, 23. November 2005, 16:20:40
Browser developers team up to thwart hackers at a security summit
By John Leyden - The Register
Published Wednesday 23rd November 2005 12:27 GMT
Security developers representing four of the major browser firms have met up to discuss how to combat security threats. Techies working on Internet Explorer, Mozilla/FireFox and Opera teamed up with the folks from Konqueror to discuss how to combat security risks posed by phishing, aging encryption ciphers and inconsistent SSL Certificate practices. A surprising amount of consensus emerged through the informal meeting, hosted by Konqueror's George Staikos in Toronto last week.
All agreed to push ahead with plans to introduce stronger encryption protocols. "With the availability of bot nets and massively distributed computing, current encryption standards are showing their age," Staikos writes. "Prompted by Opera, we are moving towards the removal of SSLv2 from our browsers. IE will disable SSLv2 in version 7 and it has been completely removed in the KDE 4 source tree already."
Colour coding the address bar on browsers, to indicate whether the digital certificate of a site has been validated, and Microsoft's development of an anti-phishing plug-in for its upcoming IE7 browser also got an informal thumbs up.
A fuller account of the meeting can be found on a KDE development blog here
By John Leyden - The Register
Published Wednesday 23rd November 2005 12:27 GMT
Security developers representing four of the major browser firms have met up to discuss how to combat security threats. Techies working on Internet Explorer, Mozilla/FireFox and Opera teamed up with the folks from Konqueror to discuss how to combat security risks posed by phishing, aging encryption ciphers and inconsistent SSL Certificate practices. A surprising amount of consensus emerged through the informal meeting, hosted by Konqueror's George Staikos in Toronto last week.
All agreed to push ahead with plans to introduce stronger encryption protocols. "With the availability of bot nets and massively distributed computing, current encryption standards are showing their age," Staikos writes. "Prompted by Opera, we are moving towards the removal of SSLv2 from our browsers. IE will disable SSLv2 in version 7 and it has been completely removed in the KDE 4 source tree already."
Colour coding the address bar on browsers, to indicate whether the digital certificate of a site has been validated, and Microsoft's development of an anti-phishing plug-in for its upcoming IE7 browser also got an informal thumbs up.
A fuller account of the meeting can be found on a KDE development blog here
WIDGETIZE