An Embarassingly Simple Approach to Securing Browser Users presented at KiwiCon 2011

by Peter Gutmann,

Tags: Security

Summary : "Web browsers currently do virtually nothing to proactively protect users from malicious web sites. Whether a site has a certificate or not is largely irrelevant, blacklists react too slowly to catch anything but inept phishers, and beyond these security-theatre defences there's nothing available. As a result a browser will happily take a user to an obviously-phishy fake banking site and run evidently malicious Javascript to inject a drive-by download onto their PC. Building on four decades of experience with security design for the built environment (buildings and houses) known as crime prevention through environmental design (CPTED), this talk looks at how CPTED is applied in practice, and how similar principles could be used as part of at an embarassingly simple risk-mitigation strategy that helps protect browser users from malicious web sites."