December 21, 2007
Secure browsing made easy
This sure makes sense:
. . . Jeremiah Grossman, CTO at Whitehat Security and one of the country's most prominent application security researchers, has a workaround he uses to protect himself online. It involves having two browsers: One, which he calls the "promiscuous" browser, is the one he uses for ordinary browsing. A second browser is used only for security-critical tasks such as online banking. When Grossman wants to do online banking, he closes his promiscuous browser, opens the more prudish one, and does only what he has to do before closing it and going back to his insecure browser.

I use three different browsers already -- Opera and Firefox, chiefly, with Internet Explorer only for the one or two sites that demand it -- so it wouldn't be hard to designate one for security-critical sites only. On the other hand, I'm not a very promiscuous browser myself, so perhaps if I am to designate one browser as special-purpose, it should be so designated for exploring sites other than the ones I regularly visit. More on Cross Site Request Forgery (CSRF) attacks here; one measure that would appear to reduce vulnerability would be to remain logged on to secure sites only as long as you need to be.
Posted by David on December 21, 2007 9:27 PM