First we talk about PHISHING , Direct the user to a counterfeit website and have them enter passwords,credit card details and authentication pin numbers that can be harvested a process is called phishing . A web browser is the best starting point for safety measures against such attacks. However today most of the browser are equipped with phishing filters.
Today all the browsers were tested support the new “High Assurance SSL Certificate” standard. Thus, not only would the connection between the browser ant eh remote server be encoded int eh future but the session can event be authenticated by an independent online resource. Using this approach,only sites that are secure and certified will be displayed green in the address bar of the browser. However there are some of the website operator and banks who make use of this certificate as yet.
HIJACKING The most security problem with browsers is the presence of malicious code on (spy ware and ad-ware )heavy websites code that can be used to hijack your computer. Most of the time, the browser is not the target at all- the target is generally a plug-in(ADD-ON).adware attempts to persuade the user to install one of many innocent-looking Plugin ins that can actually be Trojans disguised as authentic applications. Spy ware forces its way into pre-installed plug-ins on your computer through programming lapses in your installed applications. Consequently the victim loses control over the browser and sometimes over the operating system.
LOCAL SECURITY Phishing and direct attacks over the internet are not the only dangers that lie in wait of browsers. It is only seldom that a hacker gets direct access to a PC and to its files,When the system is infested with a Trojan, the attacker need not be physically present to pic out local data the files in your browser's cache, for instance. The contents of the cache can deliver a pretty clear view of the surfing habits of a user. The cache often contains confidential information such as login details for web mail accounts. The result we could read the cache in all the three browsers and present the colleague with a mail that even contained a forum password he once used. However if the browser's connection is encoded with SSL, The web surfing data is not stored in the cache and therefore does not give away any information. You will see this when the browser address bar has an “HTTP” in it. or it there is a lock icon at the address browser window.IE's competitors not only allow you to control the size of the cache directory and delete it completely , but it is also possible to delete detailed deletion of individual websites.
Cookies discloses which sites were visited by the browser along with the timestamps(depending on the validity of the cookies).
UPDATES There are relatively few known security holes in the new browsers today. Because hackers are waiting until the newer versions increase in popularity before they launch their attacks on them. Internet Explore found over 100 holes in it.(2007).Opera 15 holes. Firefox 36 Gaps.
No comments:
Post a Comment