Skip to content
Naked Security Naked Security

When security bugs become WONTFIX writeoffs [Chet Chat Podcast 262]

Enjoy the latest episode of our computer security podcast!

Sophos Security Chet Chat – Episode 262 – June 7, 2017

Join Chester Wisniewski and John Shier for the latest episode of our security podcast.

LISTEN NOW

(Audio player above not working? Download MP3, listen on Soundcloud or access via iTunes.)

In this episode

  • [00’40”] Russians apparently ‘targeted US election via phishing attacks’
  • [05’52”] Punching down the Judy Android adware: a SophosLabs analysis
  • [09’51”] OneLogin warns that attacker could be able to decrypt data
  • [14’37”] Crysis ransomware master keys posted to Pastebin
  • [16’26”] Chrome bug that lets sites secretly record you ‘not a flaw’, insists Google

    If you enjoy the podcast, please share it with other people interested in security and privacy and give us a vote on iTunes and other podcasting directories.

    Listen and rate via iTunes... Sophos podcasts on Soundcloud... RSS feed of Sophos podcasts...


  • 7 Comments

    Glad someone is talking about how google is making chrome less secure.
    We have people at work that ask to use it “because it’s user friendly”. I tell them No. It proxies (avoiding our security filters) is not secure, supported, or manageable (internally). And a big one-when you click agree to use it, you give google permission to monitor all your browser activity. Which is ridicules when processing other peoples finances (web based apps).
    I’m not a big fan of IE, but for work at least we can set policies and such.

    Google Chrome proxies your browsing traffic? By default, without you telling it to? Are you sure?

    it must, as it gets past our Webfilter appliances (for some things), while FF and IE can’t.

    Choice is important, but more important is that you go into any agreement with eyes wide open. When you control as much of the browser share as Google, you have an implied responsibility to not abuse your position of power. If you love Google and are OK with their decisions, no problem, enjoy your Chrome experience. I just want to be sure those eyes are open to what choices Google is making so you can truly choose the browser that works for you. Choosing Microsoft is getting harder as well. Next time I boot Windows 10 and it asks me why I am using Firefox instead of Edge I might drive down to Redmond and tell them at length. Actually, I will be in Seattle next Friday… Perhaps I should go down on Thursday afternoon and share my “thoughts”.

    Chester, which browser would you recommend for the average user. Thanks.

    I agree with everything in Chester’s answer and I’m going add an addendum: use Firefox because Chrome is too dominant.

    I remember when Internet Explorer had > 90% market share and it was very bad for the World Wide Web. Microsoft wound down the IE6 team and went to sleep. The wait for IE7 was interminable, bugs went unfixed and standards were ignored. Corporate IT departments dug deep holes for themselves by making IE a standard for their intranets which meant they could build houses of cards on proprietary tech like ActiveX.

    Chrome is an excellent browser and I really like it but it is now too dominant and I fear that we’ll rerun some modern version of our previous mistakes with IE.

    The truth is that all modern browsers are excellent: they are feature complete so they compete and drive each other forward on performance, privacy and security. It’s hard to make a bad choice but monocultures are a poor long term strategy.

    Opera is based on Chrome so using that doesn’t help and IE, Edge and Safari are all proprietary to some degree.

    Pick any one and you’ll probably be happy but pick Firefox and you’re keeping the ‘other’ open source codebase alive – the one that started life way back as Netscape Navigator. If and when we need to unseat Chrome because it’s turned into IE, that codebase is likely where we’ll start.

    There are a great many factors to consider when choosing a browser. If you are a Chrome lover, you may wish to consider using some Chrome derivative that has more privacy protections. I use Chromium on occasion and many Naked Security readers are fans of the Opera browser.

    Personally I use Firefox. I am a fan of open source and the values Mozilla represent. That’s just my choice though. Some browsers offer better sandboxing (coming soon to Firefox as well), other privacy guarantees and others simply raw speed.

    Like most things, there isn’t a right answer, other than to keep informed and align your choices with the software and companies that best represent your ideals.

    Comments are closed.

    Subscribe to get the latest updates in your inbox.
    Which categories are you interested in?