Google has released an extension for its Chrome browser that helps developers and security testers identify websites that execute unsafe code on end user computers. The release of DOM Snitch, as the experimental extension is known, comes five weeks after application security provider Mind Security published a Firefox extension …
Does the Chrome browser extension that detects unsafe things also work in IE to detect the Chrome plug-in being run bypassing security controls?
Or does this new DOM extension have access to Chrome's built-in pre-fetching technology so that you don't have to click after it should already know it's a bad site?
Chrome ... the browser of contradictions, what a mess!
Thankfully, I'll never use it or recommend its use. But it is noteworthy as a catalog/mish-mash ...
They're opening themselves up a bit here
"Google stresses that there are no guarantees that DOM Snitch will work flawlessly for all web applications."
So if this application falsely flags a company's sites as insecure when they aren't (as verified by their own penetration testers) and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts.
re: Opening themselves up a bit
While anybody can sue anybody for anything, they are probably pretty safe. The plug-in isn't installed or enabled by default, and theoretically the only people using it are those with technical knowledge who know the repercussions of using it - and who agree to the hold-harmless agreement when they install it.
And the difference
between this "avoid all responsibility for the quality of this software" statement and the EULA on most if not all other software is what exactly?
The results returned if in error would just be declared a false positive. I am not aware of any AV companies being sued for bricking an OS. Or MS being sued for selling product that is so flawed that it lends itself to being owned by unauthorised third parties.
It is a get out of jail free card and whilst I accept securing and ensuring the reliability of complex software systems is difficult, I would much more prefer a statement along the lines of "There is no guarantee that this software is fit for purpose" in an EULA rather than the weasel words that are usually employed.
It's still alpha/beta
Google's probably going to have the "it's still a beta" excuse for a few more years at least.
Isn't this tool a security threat in itself?
Tool requires access to all website data. Fair enough, but how much does it know about my banking site contents and stuff on other https sites?
Well, exactly the same as your browser does.
Re: They're opening themselves up a bit her
"and thus wrongfully gives visitors a bad impression, Google may be sued for libel? I'll be interested to see how long this lasts."
The internet security/virus companies have been doing this for years and they don't seem to have managed to get themselves sued yet!
Too much performance hit.