Search This Blog

Tuesday, June 21, 2011

Risks on Browser

Phishing (spoofing)
As it relates to web browsers, spoofing is a term used to describe methods of faking
various parts of the browser user interface. This may include the address or location bar, the status bar, the padlock, or other user interface elements. Phishing attacks often utilize some form of spoofing to help convince the user to provide personal information. If a user's browser is vulnerable to spoofing, they are more likely to fall victim to a phishing attack.

Evesdropping

Passive listening to browsing activity in general is a possible attack. The attacker is sometimes known as Eve. It is very hard to validate eavesdropping attacks.

Man in the middle attack

A man-in-the-middle attack (MITM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. The attacker must be able to observe and intercept messages going between you and your website.

Spyware

Spyware  is  computer  software  that  is  installed  surreptitiously  on  a  personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, or diverting advertising revenue to a third party.

Malicious Scripting

Some sites may contain malicious scripts, active content, or HTML that will attempt to trick the visitor into providing information, or performing an action that will enable the attacker to gain some privilege. In the absence of vulnerabilities, the attackers rely on social engineering to gain access to the victim’s information.

Java

Java is an object-oriented programming language that can be used to develop active content for web sites. A Java Virtual Machine, or JVM, is used to execute the Java code, or “applet,” provided by the web site. The JVM is designed to separate, or “sandbox,” running code so that it does not affect the rest of the system. Some operating systems come with a JVM, while others require a JVM to be installed before Java can be used. Java applets run independently from the operating systems.

Active Content, or plug-ins

Active Content or plug-ins are intended for use in the web browser. They are similar to ActiveX controls but cannot be executed outside of a web browser. Macromedia Flash is an example of Active Content that can be provided as a plug-in.

JavaScript

JavaScript is a dynamic scripting language that is used to develop active content for web sites. Unlike Java, JavaScript is a language that is interpreted by the web browser directly. There are specifications in the JavaScript standard that restrict certain features such as accessing local files.

VBScript

VBScript is a programming language that is unique to Microsoft Windows. VBScript is similar to JavaScript, but it is not as widely used in web sites because of its limited compatibility with browsers other than Internet Explorer.

Cookies

Cookies are text files placed on your computer to store data that is used by a web site. A cookie can contain any information that a web site is designed to place in it. Cookies may contain information about the sites you visited, or may even contain credentials for accessing the site. Cookies are designed to be readable only by the web site that created them.

Security Zones and the Domain Model

Security Zones and the Domain Model are methods Microsoft Windows uses designed to provide multiple levels of security settings for a single system. While primarily used by Internet Explorer, it can be invoked by other applications on the system that use components of Internet Explorer. 

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo

0 comments:

Post a Comment