unity-design team mailing list archive

Thread
Date

Re: Possible security risk with update-manager

To: Matthew Paul Thomas <mpt@xxxxxxxxxxxxx>
From: "Paulo J. S. Silva" <pjssilva@xxxxxxxxx>
Date: Mon, 14 Dec 2009 13:10:14 -0200
Cc: Ayatana List <ayatana@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <4B26381B.7040709@canonical.com>

> As I wrote in <http://launchpad.net/bugs/370248>: "For several years Web
> browsers have insisted on showing the address bar, or the status bar, or
> both, in any popup window as a way of distinguishing it from native
> application windows. Can you provide a demo which avoids this security
> measure?"
>
> In both Firefox and Chromium, the demo you have pointed to has not just
> the browser's address bar *and* status bar, but also two title bars
> rather than one. If you can provide a more convincing demo, please
> attach it to the bug report.

OK, let me get this straight. Are you saying that all pop-up windows
that appear to you in your browser have the window decorations around
it?

Could you please visit:

http://www.popup-killer-review.com/windowless-swf.htm

This show that it is possible to add a flash application on top of a
web-page without any decorations.Given enough skill it ca have the
right look, doesn't it? I do know any flash, so it would take quite
some effort to create an example myself, but I think it is clear that
what I talking about can be accomplished through flash.

> As I wrote in <http://launchpad.net/bugs/332945>: "...assuming that
> people will see a window that looks like the updates window, and behaves
> like the updates window, but be able to tell that it's fake solely
> because it opened automatically. I think that's quite unrealistic,
> because it would require a much better memory for past actions than
> people usually have. For example, if you open Update Manager yourself
> but get a phone call and have to switch to another task in a hurry, and
> don't return to Update Manager until the next day, you may have no
> memory of opening it the previous day. (Expecting people to then close
> it and reopen it, *just in case* the already-open instance was a fake
> one, would be even less realistic.)"
>

OK. This is true, given a sufficiently convoluted scenario the user
may forget that he has called the update-manager or not once he goes
back to the computer. However this is not the most likely scenario.
Most likely the user will be there using the computer when a malicious
window pops up in the middle of the web page (probably he will be
browsing and have recently moved to the malicious page where the
pop-up lives). Then he can think: "weird, I do not remember calling
update-manager (or any other adminstration window)". In the current
state of affairs the user thinks "Here goes update-manager again...".
So even though not having the pop-up behavior in administrative tasks
would help us explain to user how to behave when they see weird
pop-ups in their computers.

Best,

Paulo

Follow ups

Re: Possible security risk with update-manager
From: Matthew Paul Thomas, 2009-12-15
Re: Possible security risk with update-manager
From: Paulo J. S. Silva, 2009-12-14

References

Possible security risk with update-manager
From: Paulo J. S. Silva, 2009-11-18
Re: Possible security risk with update-manager
From: Matthew Paul Thomas, 2009-12-14