Security Researcher Reveals His 'Promiscuous' Browser

Readers ask, is Internet Explorer the ‘promiscuous’ browser or the prudish one? Neither, Grossman responds

January 03, 2008 — CSO — Over the holidays, a story we ran about security researcher Jeremiah Grossman’s "extreme" web browsing drew a lot of attention. Grossman described his workaround for preventing Cross Site Request Forgery (CSRF), an insidious application security vulnerability in which criminals trick a web browser into sending unauthorized requests. To protect himself online, Grossman uses two browsers: a “promiscuous” one, which he uses for ordinary browsing, and a second browser, which he launches and uses only for security-critical tasks such as online banking.

CSO got several e-mails from readers wanting to know which browsers Grossman uses, and the Slashdot crowd bandied about the same question. “I can just imagine Mr. Grossman not quite referring to IE (the promiscuous one) vs. Firefox (the safe one),” wrote one Slashdot user.

Well, not quite. We asked Grossman to ‘fess up about which browser he uses, and it turns out he doesn’t rely on Microsoft Internet Explorer at all, at least not regularly. “For myself personally I use a lot of different ones depending on what I am doing,” Grossman wrote to CSO. “Normally my primary promiscuous browser is Firefox, and my secondaries are using REALLY old and obscure versions of Netscape and Safari--ones that no one uses.”

Send feedback to Managing Editor Sarah D. Scalet.