Published 16 years 4 months ago • Last updated March 22, 2025 • ⏱️ 3 min read
I was thinking about how to prevent a user being exploited lately by whatever method. One thing most attacks have in common is that a user generally needs to initiate the attack by clicking on a email or web site link from a social network. There's a obvious pattern here. Granted some attacks are conducted on the application itself an XSS worm or network worm for example but these aren't as common as the majority of attacks that require some form of initiation.
My solution? The safety net! When your average joe clicks on a link from twitter, they usually want to watch a funny video or something. Using this to it's advantage the safety net detects when this happens, it is aware of the context of a email for example or that this particular social network is quite popular. When a user clicks a link from that context the browser doesn't need to send any cookie related information from anywhere whilst in the "Safety net".
It acts as a sandbox for the user protecting them from bad stuff, the user should be aware that they're in it and should not be able to browse like normal unless they open a new window in the traditional means. It could also work for phishing, prompting the user not to enter any confidential information or maybe disabling form input completely except for whitelisted sources. Corporations could configure their safety net to be more restrictive, a policy for disabling javascript for example or maybe only allowing Flash to play video and not execute actionscript.
If anyone thinks this idea isn't too crazy and decides to implement it here are a couple of suggestions I'll refer to the Safety net as SN:-
Additionally I suggest a meta tag to identify social networks:-
<pre lang="javascript"> <meta name="identify" content="Social Network" /> </pre>