Top Five Vulnerabilities Attackers Use Against Browsers

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Top Five Vulnerabilities Attackers Use Against Browsers-6 Next

DNS poisoning

Attackers can poison the DNS system (think of this as the phone book your browser uses to locate a site's IP address by its name) at several different stops. Your machine caches DNS entries and this cache can be poisoned. A special file on your machine can be modified to override DNS servers for certain Web addresses, and DNS servers themselves can even be compromised and forced to serve up bad IP addresses for reputable sites. Once the attack is in place, your browser will contact an attacker's server instead of the legitimate server for any targeted website. Attacks like this typically target banks and other financial institutions, fooling users long enough for them to give up account credentials, which are then used to empty their accounts.

Ways to avoid: Always look for "https" at the beginning of the site's address when visiting a sensitive website to do financial transactions, and (again) don't ignore browser warnings. Attackers who have poisoned your DNS lookups still can't forge the certificates used for TLS, so in many cases they'll use a non-TLS ("http://...") address and hope users don't notice.

Web browsers are the primary target for many attackers these days, because so much sensitive data passes through them. From casual shopping to enterprise management systems to military operations, browsers have become the primary vehicle people use to access network-connected systems. Unfortunately, browsers have a long and storied history of vulnerabilities that have provided attackers with a lucrative and near-endless supply of victims upon which to prey. Quarri Technologies, Inc., a Web information security software company, has identified some of the top vulnerabilities attackers use against browsers.

Note: This slideshow is focused on browser vulnerabilities, not website vulnerabilities (SQL injection attacks, XSS, XSRF, et al). The distinction is subtle but important.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.