HackDig : Dig high-quality web security articles for hacker

Lock Browser 5.3 (Browser Security, Open Source, Python)

2016-04-21 08:05
This open source tool strictly controls what web browser can access, which stops web browser from loading harmful
content - Phishing, Non-Secure HTTP, or whatever that's not in your whitelist.

"Security flaws in Google Chrome, Microsoft Edge, and Apple Safari were all successfully exploited... browsers as well
as Windows, OS X, and Flash"

Attacks have to make target's browser load attacker's website, which has two scenarios - send the link(phishing), or
control a website that target will visit. The latter is difficult because web servers are usually(not always) much more
secure than web browsers, and attackers simply don't know which websites. The former, Phishing, is "mainstream",
because it's a lot easier: the address of email sender can be faked, the content of email can look 100% legitimate and
compelling, and the URL can hide behind redirection service("dereferer" of email system, t.co, or whatever).

Whitelist - for example, the whitelist contains Gmail, PayPal, Chase, GitHub, and Twitter. Attacker's website is not in
the whitelist, so the harmful content does not reach browser, even if some users are "stupid enough" to click links
from The Phishing Guy.

Project Home Page: https://www.lockbrowser.com/
Source Code: https://www.lockbrowser.com/source/

It's fork of HTTPS Only released in March:
And this is likely the last version - because the source code is so short and simple, maybe there is really no bug
here! Let me hope so.

Kind Regards,

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 76/rpA/6102/erusolcsidlluf/gro.stsilces

Read:2207 | Comments:0 | Tags:No Tag

“Lock Browser 5.3 (Browser Security, Open Source, Python)”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud