Monday, August 24, 2009
Monday, August 10, 2009
Web Browser feature vs. risk:
VB Script is a Microsoft scripting language that makes web sites interactive. The added capability of scripting is often abused or attacked by hackers.
- Cross-site Scripting or XSS attack takes advantage of trust relations you have with certain web sites.
- Cross-zone vulnerabilities web browser typically limit access to local files or domains via security zone separation. If your security level is to low, you may be vulnerable.
- Detection evasion Anti-virus, Intrusion Detection System, Intrusion Prevention System looks for and detects specific activity patterns. If a know bad pattern is detected then counter measures can be taken. Web scripting can go undetected due to dynamic nature of programming.
Securing your web browser
The software listed above must be configured properly and you must understand the functionality of ActiveX, Java, and scripting to understand the risk involved with vulnerabilities. Some features you may want to disable or turn on for specific web sites to enhance security.
Most users who have a Microsoft Windows operating system may use Internet Explorer as a default web browser. There are many different web browsers available such as Mozilla, Safari, and Chrome. Since different applications may use different browsers, all must be secured. You may at some point want to have a totally secured web browser for all financial activity and one for general web browsing. By securing your web browser you can minimize the chances that vulnerability in a web browser can be used to comprise your information.
Wednesday, August 5, 2009
Hackers are using vulnerabilities in Web browsers to comprise computer systems. Many of the high profile security breaches have resulted from web browser security holes. I will be reviewing how to protect your data and your Identity.
Active X is used by Microsoft Windows Explorer and allows application to use the browser. Active X has been targeted by Hackers and used to comprise many systems.
Java is object orientated programming that develops content for web sites. Java applets require a Java virtual machine that has the capability to modify operating system settings if exploited properly.
Plug-ins applications are used with browser such as Mozilla, Safari and Adobe Acrobat and typically can not be used outside of browser application or Adobe flash. Plug-ins can contain programming flaws such that allow buffer over flows and other security violations.
Cookies are files used to store data about certain web site. If a cookie is used to store log in I.D. or password, a hacker could obtain unauthorized access to that site by obtaining the cookie.