Stranger Danger: Why Today’s URL Security Model is Broken

Adam Maruyama

By Adam Maruyama



We are all taught by our parents at a young age not to trust strangers. Of course, as we grow into adulthood, we start coming up with our own methods to evaluate whether a stranger is trustworthy or not: instead of simply not speaking with strangers, we make introductions in public places; we rely on mutual acquaintances to pass introductions; and we use instincts, honed by previous experiences, to guide us. But at the end of the day, even though we know that 95% of strangers on the street are harmless, we wouldn’t take the risk of admitting a random stranger into our personal space without a significant amount of vetting.

When it comes to web browsing, we take a very different approach: somehow, we’ve collectively decided to trust most random websites – the “everyday strangers” that have neither bona fides nor overt “stranger danger” vibes – rather than take any of the precautions we’d taken when dealing with such individuals in real life.

On the web, we treat friends, friends-of-friends, and “red flag” websites as we would in daily life. Some websites, like GSuite, Workday, SalesForce, and AWS, are like our friends, whom we’ve evaluated and trusted to bring other acquaintances to the party in the form of web dependencies via iFrames and cross-site scripting. At the other end of the spectrum, when we hear bad things about certain sites from sources like threat intelligence feeds and website categorization services on the proxy, we treat them as personae non grata and ask our “doorman,” the SWG, to make sure they don’t get anywhere near our party.

But when we browse most websites on the open Internet – sites that are neither explicitly trusted nor obviously suspicious – we don’t treat them like we would treat a random stranger off the street. In real life, no matter how well-dressed the stranger is or how harmless they seem, most of us would be reluctant to interact further with them outside a public location or provide them access to our keys or smarthome systems. On the web, however, we happily turn over full access to a browser that has system-level hooks (and had 8 zero-day vulnerabilities in 2023 alone) to any site that doesn’t actively provide us a reason to suspect it of being malicious! Essentially, we’re granting access to the browser, its vulnerabilities, and the remote code execution capabilities that lie beyond to millions of sites – including shell sites set up by nation-state adversaries or sophisticated cyber criminals to host relevant content alongside attack code and legitimate sites that they’ve subverted to deliver targeted malware packages.

Of course, a small subset of high-security organizations takes a very different approach to these websites on the open Internet, applying a deny-by-default policy where such sites are strictly blocked. The analogy of real-life behavior is telling in this situation as well: it would be very difficult to create meaningful professional networks or social lives if we, as adults, followed the strict “never talk to strangers” philosophy that parents teach their preschoolers! This strategy may be possible for an individual – even delightfully tempting for introverts – but it isn’t a recipe for business or organizational success when applied to an entire workforce, and often ends with employees storming the SOC with pitchforks and torches.

Garrison Technology is excited to provide a common sense third option for “random stranger” websites in the form of codeless browsing. Using cloud-hosted proprietary hardware, Garrison ULTRA processes all open Internet webcode on a sacrificial processor, using a one-way connection to a trusted processor that then creates and presents users with an interactive, hardware-accelerated audio/video stream of the website in question without the risk that malicious code will execute on customer systems. It’s the equivalent of meeting a stranger in a public café and seeing, but not tasting, the candy they offer you – you get all the information you need but take none of the risk of stranger danger! To learn more about codeless browsing or set up an evaluation, contact us today.