Saturday

How to avoid Cross Site Request Forgery (for Google)

With iGoogle and other Google services all linked to your Google account, and with all the recent XSS vulnerabilities, you have a recipe for disaster. So what can you do about it?

Well, we all know not to trust mobile code (JavaScript, ActionScript, etc.), and we are using Firefox with Flashblock and Adblock.

But that might not be enough to stop cross-site request forgery (CSRF). Errata Security has a nice solution: run two separate instances of Firefox, one logged in to Google and one logged out, using Firefox profiles. This lets you have GMail or other services up in a separate window on your desktop, without the danger of XSS bugs crossing over and hijacking the GMail session. Full explanation here.

Well, it's another way than running a Browser Appliance in VMware Player, which is also a possibility: the Browser Appliance can be used for surfing while a normal browser is used for logging into Google at the same time.

UPDATE: In the case of Google services, you can partition your Google identity. (anti-virus rants)
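
The two-profile setup described above, as an added example that is not from the original post or from Errata Security: a POSIX shell script that creates one Firefox profile for the logged-in Google session and one hardened profile for ordinary surfing, then launches both with -no-remote so neither reuses the other's session (it goes slightly beyond the post by also blocking third-party cookies and active content in the surfing profile). The profile location, the profile names, the script name and the "run" argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or Errata Security): build two
# isolated Firefox profiles on disk and launch them side by side.
# "google" holds the logged-in Google session; "surf" is for everything else
# and is hardened so a page loaded there cannot ride on the Google cookies.
# Assumed: a POSIX sh and a Firefox that understands -no-remote / -profile.
set -u

BASE="${PROFILE_BASE:-${HOME:-/tmp}/.ff-isolated}"   # assumed location

# Write a user.js into the profile directory $1. $2 selects the preference
# set: "surf" (untrusted browsing) or "google" (logged-in session only).
make_profile() {
    dir="$1"; kind="$2"
    mkdir -p "$dir" || return 1
    {
        echo '// generated by make_profile'
        # Never send cookies in a third-party context: a forged cross-site
        # request issued from this profile then carries no session at all.
        echo 'user_pref("network.cookie.cookieBehavior", 1);'
        if [ "$kind" = "surf" ]; then
            # Untrusted profile: no active content, nothing persisted.
            echo 'user_pref("javascript.enabled", false);'
            echo 'user_pref("browser.privatebrowsing.autostart", true);'
        fi
    } > "$dir/user.js"
}

# Print the launch command for one profile. -no-remote stops Firefox from
# handing the URL to an already running (possibly logged-in) instance.
launch_cmd() {
    printf 'firefox -no-remote -profile "%s"' "$1"
}

main() {
    make_profile "$BASE/google" google || exit 1
    make_profile "$BASE/surf" surf || exit 1
    # Start both; each gets its own cookie jar and its own window.
    eval "$(launch_cmd "$BASE/google")" &
    eval "$(launch_cmd "$BASE/surf")" &
    wait
}

# Run as: sh ff-isolate.sh run   (functions can also be sourced on their own)
case "${1:-}" in
    run) main ;;
esac
```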

6 comments:

kurt wismer said...

"This allows you to have GMail or other services up on a separate windows on your desktop, but without the danger of XSS bugs crossing over and hijacking the GMail session."

am i the only one concerned about discovering malicious/compromised pages THROUGH google's other services?

are we not exposed to new content through google reader, igoogle, google groups, etc?

does simply opening google's web apps in a separate browser session prevent that from happening? it doesn't seem like it...

Security4all said...

True. That's the current danger of "web 2.0" technology.

www.gnucitizen.org/blog/for-my-next-trick-hacking-web20

From pdp: Web2.0, if I can summarize it with a few simple words, is all about communication, distribution, information, agents, clients and servers. Those who understand the 2.0 fundamentals have the power to manipulate the global Web to suit their needs - hackers, the new digital breed of the 2.0 world. Web2.0 hacking is a means of communicating and distributing critical information in a better way. It can be used to build ghost infrastructures from where to launch attacks - anonymously, no traces, nothing. Web2.0 hacking is also about the thin line between client-side and server-side security. It is about the endpoints and the electronic highways. It is about reaching the masses and yet being able to perform attacks on specific targets. Web2.0 hacking is also about distribution and influence, covert channels, bots, IA, ghosts inside the electronic frame. Web2.0 hacking is also a movement, a cyber subculture where individuals show their technical abilities, and understandings of the world and use that to manipulate their way through the system.

Security4all said...

Actually, that is why I added the Browser Appliance, it adds more layers of security! ;-)

kurt wismer said...

"Actually, that is why I added the Browser Appliance, it adds more layers of security! ;-)"

?? the browser appliance protects the endpoint, but the csrf vulnerability with google remains in the cloud - it doesn't affect the endpoint...

realistically, i can't see any way to prevent exploit pages discovered through google's other services from affecting one's gmail account unless you don't use your gmail account to log into google's other services...

kurt wismer said...

hmm... i suppose it might have seemed like i was fishing for a link but what i was really hoping for was critical analysis and synthesis of new knowledge...

for example, in retrospect one might have pointed out that having to log out of gmail in order to use google reader was inconvenient for some/most people (i use gmail's pop3 access so i don't need to log in in the first place) and that combining a partitioned google identity with a method to instantiate multiple concurrent browser sessions could eliminate some of that inconvenience; while from the opposite perspective, the partitioned identity shores up the multi-session browsing against its weakness in operating within the domain of google's broad set of services - so the argument could be made for using them both together...

Security4all said...

I must agree with your point. I don't take enough time to analyze and absorb information. I collect more than I can read. I have to make choices and follow them through, I guess.

Your comment gives a best of breed between the different options. I guess it's segmentation and password management vs single sign on. Functionality and security always were two opposites.