New system patches security holes for more private browsing


New York, Feb 25 (IANS): Researchers have developed a new system that uses JavaScript decryption algorithms embedded in web pages to patch security holes left open by web browsers' private-browsing functions.

Researchers from Massachusetts Institute of Technology (MIT) described the system "Veil" that makes private browsing more private, at the Network and Distributed Systems Security Symposium in San Diego.

"We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it," Frank Wang, an MIT graduate student, said.

"But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place," Wang added.

Generally, a browser won't know where the data it downloaded has ended up. Even if it did, it wouldn't necessarily have authorisation from the operating system to delete it.

"Veil" gets around this problem by ensuring that any data the browser loads into memory remains encrypted until it's actually displayed on-screen.

Rather than typing a URL into the browser's address bar, the user goes to the "Veil" website and enters the URL there.

A special server -- which the researchers call a blinding server -- transmits a version of the requested page that's been translated into the "Veil" format.

Once the data is decrypted, it will need to be loaded in memory for as long as it's displayed on-screen. That type of temporarily stored data is less likely to be traceable after the browser session is over.

"Veil" would provide added protections to people using shared computers in offices, hotel business centres, or university computing centres.

It can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor -- which was designed to protect the identity of web users living under repressive regimes.

  

Top Stories


Leave a Comment

Title: New system patches security holes for more private browsing



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.