Top Five Vulnerabilities Attackers Use Against Browsers

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Top Five Vulnerabilities Attackers Use Against Browsers-6 Next

DNS poisoning

Attackers can poison the DNS system (think of this as the phone book your browser uses to locate a site's IP address by its name) at several different stops. Your machine caches DNS entries and this cache can be poisoned. A special file on your machine can be modified to override DNS servers for certain Web addresses, and DNS servers themselves can even be compromised and forced to serve up bad IP addresses for reputable sites. Once the attack is in place, your browser will contact an attacker's server instead of the legitimate server for any targeted website. Attacks like this typically target banks and other financial institutions, fooling users long enough for them to give up account credentials, which are then used to empty their accounts.

Ways to avoid: Always look for "https" at the beginning of the site's address when visiting a sensitive website to do financial transactions, and (again) don't ignore browser warnings. Attackers who have poisoned your DNS lookups still can't forge the certificates used for TLS, so in many cases they'll use a non-TLS ("http://...") address and hope users don't notice.

Web browsers are the primary target for many attackers these days, because so much sensitive data passes through them. From casual shopping to enterprise management systems to military operations, browsers have become the primary vehicle people use to access network-connected systems. Unfortunately, browsers have a long and storied history of vulnerabilities that have provided attackers with a lucrative and near-endless supply of victims upon which to prey. Quarri Technologies, Inc., a Web information security software company, has identified some of the top vulnerabilities attackers use against browsers.

Note: This slideshow is focused on browser vulnerabilities, not website vulnerabilities (SQL injection attacks, XSS, XSRF, et al). The distinction is subtle but important.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

IT security careers The Most In-Demand Security Jobs and How to Get Them

Security professionals are in demand right now, and entry-level security jobs generally fall into either an engineer or analyst role. Find out more about required skills and career paths. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.