Forwarded from: security curmudgeon <jericho (at) attrition.org>
Cc: mark (at) ntsecurity.net

: === IN FOCUS: Browsing with Browzar ============================
: by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
:
: There's a new Web browser in town and so far it looks pretty darn good,
: especially from a privacy perspective. However, there is a caveat, which
: I'll discuss in a moment. The new tool, called Browzar, is available
: free to anyone. The current version is only 264.4KB in size. That's not
: a misprint, it's really that small!

: Browzar [..] requires Microsoft IE 5.5 or later to be installed on the
: computer.

Of course it is, since it relies on the huge Microsoft Internet Explorer
for most of its capability. Next, can we brag about Firefox only being a
bit over five megs?!

04/20/2006  05:54 AM         5,113,904 Firefox Setup 1.5.0.2.exe

: Browzar is billed as "the first ever 'freedom' Internet browser" because
: of the way it works: It doesn't save a cache, history, cookies,
: favorites, or other telltale information.

: the Browzar site, which runs its own search engine. I noticed that a lot
: of the returned results are sponsored links. Of course, you're free to
: visit any search engine you want by entering its URL into the address
: box.

: Browzar will come in handy when you use shared computers, such as those
: found at libraries, hotels, conferences and conventions, coffee shops,
: and business partner and customer networks. Keep in mind that this newly
: released tool is still in beta development, so while it worked really
: well during my test, it does have bugs. For example, some people report
: that it doesn't delete all cached Web pages and others report that it
: sometimes might leave the last visited URL in IE's index.dat file. I
: confirmed the latter bug through my own tests but wasn't able to
: reproduce the first bug.

So the ONLY redeeming quality of this browser, that it doesn't save
sensitive information .. goes out the window when some of the 'bugs'
involve saving sensitive information or not deleting it properly?
Mozilla has this feature, and it works just fine.

Now, let's look at what happens when other people examine the browser!
Let me quote some relevant parts of various mail list posts recently..

http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0001.html

  Maybe Browzar cleans after itself? So closing Browzar, opening the
  index.dat again. Still there. Wow, that's privacy you can trust.

http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0005.html

  Browzar apparently wraps IE - so the User Agent will be the same as
  your IE installation.

  Anyone else think this is less about privacy and more about the
  default sponsored search/home page coded into the browser (which
  apparently can't be changed)?

http://digg.com/security/New_secure_browser_Browzar_is_fake_and_full_of_adware

  It doesn't surprise me, the guy behind it started Freeserve, which was
  another rubbish company. Also AKQA, although I always thought they
  were an okay agency. Mind you, I think his greatest skill is marketing
  vapour

  Who wants to use a web browser, so crippled that you cannot even set
  your own homepage without using a hex editor?

http://web3.0log.org/2006/09/01/new-secure-browser-browzar-is-fake-and-full-of-adware/

  1. Enter IE, go google.com, logoff if necessary, close IE
  2. open browzar, go google.com, authenticate with your gmail account
  3. close browzar
  4. open IE, go google.com. still authenticated!!!

  perhaps it needs some more debugging.

http://news.bbc.co.uk/1/hi/technology/5310114.stm

  'Adware' attack on privacy tool

  Software that claimed to provide increased privacy whilst surfing the
  web has been criticised by computer experts and the blogging
  community.
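Added example, not part of the original message or of any project it quotes: a Python check for the index.dat leftovers reported in the posts above, listing URL records that still name a host visited during a supposedly private session. It assumes the commonly documented IE 5+ cache layout (a "Client UrlCache MMF Ver" header, 128-byte blocks, "URL " records followed by a 4-byte block count); the function names and the sample image are constructed for illustration.

```python
import re
import struct

BLOCK = 0x80                          # cache records are allocated in 128-byte blocks
MAGIC = b"Client UrlCache MMF Ver "   # header string at the start of index.dat
STRINGS = re.compile(rb"[\x20-\x7e]{8,}")  # printable ASCII runs

def url_records(data):
    """Yield (offset, [url strings]) for every 'URL ' record in an index.dat image."""
    if not data.startswith(MAGIC):
        raise ValueError("not an index.dat image")
    off = BLOCK
    while off + 8 <= len(data):
        nblocks = struct.unpack_from("<I", data, off + 4)[0]
        size = nblocks * BLOCK
        if data[off:off + 4] != b"URL " or nblocks == 0 or off + size > len(data):
            off += BLOCK              # free block, other record type, or corrupt length
            continue
        runs = STRINGS.findall(data[off + 8:off + size])
        yield off, [r.decode("ascii") for r in runs if b"://" in r]
        off += size

def leftover_traces(data, hosts):
    """Return (offset, url) pairs whose URL mentions a host visited in the test session."""
    return [(off, u) for off, urls in url_records(data)
            for u in urls if any(h in u for h in hosts)]

def _record(sig, text, nblocks=2):
    # Constructed record: signature, block count, zeroed metadata, then the URL string.
    raw = sig + struct.pack("<I", nblocks) + b"\0" * 0x60 + text + b"\0"
    return raw.ljust(nblocks * BLOCK, b"\0")

# Constructed sample image (not real cache data): header block plus three records.
SAMPLE = (
    (MAGIC + b"5.2\0").ljust(BLOCK, b"\0")
    + _record(b"URL ", b"Visited: user@http://mail.example.test/inbox")
    + _record(b"REDR", b"http://other.example.test/")
    + _record(b"URL ", b"http://www.example.org/")
)

if __name__ == "__main__":
    # On a real machine, read IE's index.dat after closing the browser under test
    # and pass the hosts visited during that session.
    for off, url in leftover_traces(SAMPLE, ["mail.example.test"]):
        print(f"0x{off:04x}  {url}")
```

Any hit after the browser under test has been closed means the session left a history trace behind.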
This archive was generated by hypermail 2.1.3 : Thu Sep 07 2006 - 00:00:29 PDT