COLUMN

Security Blog Log: Burning about Firefox recruitment

By Bill Brenner 28 Apr 2006 | SearchSecurity.com Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

---------------------------------------------------------------------------------------------------------

The Firefox faithful are stepping up the search for converts, and all the Internet Explorer (IE) security holes Microsoft has scrambled to plug in recent weeks have probably helped the cause.

But one security blogger is frowning on the latest efforts of one pro-Firefox Web site, adding to the ongoing debate over whether Firefox would become as threatened as IE if enough people were using it.

Web developer Sid Karunaratne took the Explorer Destroyer Web site to task in one of his SecuriTeam blog entries this week after it suggested that Web developers use a range of aggressive tactics to make people switch to Firefox.

About Security Blog Log Senior News Writer Bill Brenner peruses security blogs each day to see what's got the information security community buzzing. In this column he lists the weekly highlights. If you'd like to comment on the column or bring new security blogs to his attention, contact him at bbrenner@techtarget.com. Recent columns: Man of God, man of ID theft Yahoo's click-fraud problem Nash, still at helm, addresses IE fixes

The Explorer Destroyer Web site was created by four self-described open source advocates from Worcester, Mass. The site offers free scripts that Web developers can put on their sites to encourage IE users to switch to Firefox. The scripts detect visitors running IE and try forcing them onto the Firefox bandwagon by either showing them a splash page telling them to switch or by putting a big pro-Firefox banner at the top of the page.

Today a number of Web sites won't display or function properly unless the Web surfer is using IE. The Explorer Destroyer team hopes its approach will lead to more sites that only work using Firefox. There's even a financial incentive. The group cooked up a deal with Google where the search giant will pay $1 for each new Firefox user recruited.

"Now you can advance your ideals, save people from pop-ups and spyware hell, and make some serious money," the Explorer Destroyer site said. "Millions of people have heard about Firefox and are ready to switch -- all they need is a friendly push. That's where these scripts come in. They're specially formulated to give just the right push, maximizing souls saved and dollars for you."

The whole concept is silly as far as Karunaratne is concerned. For starters, he asks in his blog entry, "If everyone used Firefox then what's to stop that [from] being the next IE?"

Furthermore, he said, no one browser should dominate. There should be an "even spread" of browser use because it would encourage Web developers and browser providers to maintain high security and functionality standards and speed up browser improvements. "All the various companies would have to constantly improve their browsers to maintain their use base," he added.

Karunaratne compared the Explorer Destroyer effort to a South Park episode where the people rebel against Wal-Mart and burn it down. Then they all shop at a local shop and turn it into the next Wal-Mart, repeating the whole process.

"I'm all for people saying how bad one thing is and promoting another, but to me this seems too far," he said. "They go as far as saying that Firefox has to quickly gain users so that IE 6 users don't switch to IE 7 and stay with it." In his opinion, IE 7 is a good browser that fixes a lot of issues people hate about IE 6.

And regardless of which browser is safer, he said, people are smart enough to choose their own Web surfing tool without being influenced one way or another.

ID cards run into opposition
Moving to another topic, the Identity Theft Spy blog had an interesting item this week on how a group called No2ID is on a crusade against the ID cards the British government wants to issue.

"It's an unavoidable fact that technology has crept into every aspect of our day-to-day lives, so it's no big deal that the U.K government wants to issue identity cards that will carry biometric and other personal information about the holder [that] can be used to conduct financial transactions and apply for public services and benefits," the blog said. "The data on the card will also be stored in a national identity register in a measure that will help prevent identity theft and fraud."

But, Identity Theft Spy noted, No2ID is trying to persuade people to avoid taking part in the ID card scheme by using potential privacy and technical loopholes.

With the government planning to use the renewal and application of passports as opportunities to collect data for the cards, the blog said that No2ID is asking the public to renew their passports in May, regardless of their expiration dates.

The registry is expected to be up and running sometime in 2008, and No2ID national coordinator Phil Booth hopes that if 20,000 to 50,000 additional people renew their passports in May, the campaign will make its point since the renewals will happen just as the passport office is preparing for the busy summer period.

Tags: Security Testing and Ethical Hacking,  Web Browser Security,  Security Awareness Training and Internal Threats,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Testing and Ethical Hacking H.D. Moore speaks about Metasploit Project deal, Release 3.3 Could Metasploit popularity erode? Metasploit Project acquired by vulnerability management firm Rapid7 Should management processes change based on a patch release schedule? Does an EULA make it truly illegal to decompile software? Screencast: BackTrack 4 offers an arsenal of penetration testing tools Security testing firm uncovers XML vulnerabilities Screencast: Samurai offers pen-testing nirvana The requirements needed to make an external penetration test legal McAfee to acquire Solidcore Systems for whitelisting Web Browser Security Exploit code targets Internet Explorer zero-day display flaw InZero Systems launches hardware-based security gateway Web security firm ranks Firefox, Safari browsers as flaw prone Microsoft fixes security update that breaks Internet Explorer Mozilla update repairs Firefox buffer overflow vulnerabilities Kaspersky system analyzes malicious URLs on Twitter for malware Silon malware intercepts Internet Explorer sessions, steals credentials Do Facebook URL security concerns justify blocking social networks? Phishing attacks to remain a major problem, say security experts Adrian Perrig: Improve SSL/TLS Security Through Education and Technology Web Browser Security Research Security Awareness Training and Internal Threats Health Net breach failure of security policy, technology Health Net healthcare data breach affects1.5 million Massive T-Mobile UK security breach involves insiders Secure your remote users in 2010 Layoffs prompt insider threat fears, cybersecurity survey finds How to use Internet security threat reports Creating a HIPAA employee training program Successful rogue antivirus hinges on social engineering External attacks start with unintentional mistakes, survey finds Security technologies fail to address insider threat management

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Cyber Storm  (SearchSecurity.com) ethical hacker  (SearchSecurity.com) ethical worm  (SearchSecurity.com) gray hat  (SearchSecurity.com) honey pot  (SearchSecurity.com) honeynet  (SearchSecurity.com) war dialer  (SearchSecurity.com) white hat  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary