Full Version: Akahele - False sense of security
thekohser
False sense of security
by Judd Bagley, September 15, 2009

QUOTE
That Web 2.0 had security issues at inception is not terribly surprising. After all, the deployment of new technologies is almost always dictated by market demand, not by the extent to which the technology is considered mature. Consequently, the early adoption period is usually marked by the hurried development of countermeasures.

That Web 2.0 security continues to be a problem, some five years into its existence, does surprise me. Maybe more to the point, it suggests to me that security flaws may simply be endemic to this iteration of the internet’s evolution.
carbuncle
QUOTE(thekohser @ Tue 15th September 2009, 5:26pm) *

False sense of security
by Judd Bagley, September 15, 2009

QUOTE
That Web 2.0 had security issues at inception is not terribly surprising. After all, the deployment of new technologies is almost always dictated by market demand, not by the extent to which the technology is considered mature. Consequently, the early adoption period is usually marked by the hurried development of countermeasures.

That Web 2.0 security continues to be a problem, some five years into its existence, does surprise me. Maybe more to the point, it suggests to me that security flaws may simply be endemic to this iteration of the internet’s evolution.


BEANS!! BEANS!!!
dogbiscuit
Quality article.

Web 2.0 suffers from Windows 95ness. Windows was designed to be a single user platform, then it got some networking grafted on and this browser thing. With very little thought but a lot of naivety, Microsoft bodged on ActiveX because it did good things.

Web 2.0 is ultimately a hack of old technologies rather than a re-envisioning that was required. I doubt Google Chrome will be a solution because ultimately it will be a clean up of some old operating system concepts rather than that re-envisioning (though there is a part of me that is optimistic that if anyone can sort it out it is Google).

The whole principle of relying on one set of programmers (browser writers) to sandbox other programmers' (the good the bad and the Russian*) work rather than have the sandbox as a fundamental element of the architecture down to the hardware level (virtual machines being really old well understood technology back in the 1960s makes this fairly inexcusable) is fundamentally flawed.**

Then again, it seems the majority of the technology concentrates on visual fluff rather than meaty applications (then again again, the modern world is visual fluff over useful activity) so it is hardly surprising that the effort of development is not on security and reliability but how to get nice fades, see-through graphics and higher quality porn videos.






* Stereotype alert
** Excess parentheses alert
John Limey
Yes, MediaWiki is a remarkably insecure platform. We're not supposed to post hacks or exploits here, but let me tell you that on Wikipedia's installation there's a very simple way for any user to include functional HTML code, including (but not limited to) JavaScript.

There are also many less hacky, but still fun vulnerabilities. Many of my favorites rely on the CSS that can be easily (and non-hackingly) used on Wikipedia, particularly the old <span style = "display:none">. Combine this with the recently implemented {{DISPLAYTITLE}} and all of a sudden Astrophysics becomes Ass.... Don't hurt yourselves, children.