Top Five Vulnerabilities Attackers Use Against Browsers

1 | 2 | 3 | 4 | 5 | 6 | 7
Next Top Five Vulnerabilities Attackers Use Against Browsers-5 Next

Man-in-the-middle attacks

An attacker who has access to any point in a network connection between a user and sensitive websites (a "man in the middle") has the opportunity to observe and modify traffic as it passes between the browser and the Web server(s). Websites that use TLS (sites whose addresses start with "https") help defeat this, because an attacker of this type has a very hard time faking the cryptographic certificate used by the server to authenticate itself to the browser. However, attackers know that a lot of users have been conditioned to just click through warnings when they appear, and so they can use an invalid/forged certificate and in many cases users will ignore the browser's warnings.

Ways to avoid: Don't ignore browser warnings. When in doubt, try a different machine or Internet connection, or just wait to conduct your sensitive transaction later.

Web browsers are the primary target for many attackers these days, because so much sensitive data passes through them. From casual shopping to enterprise management systems to military operations, browsers have become the primary vehicle people use to access network-connected systems. Unfortunately, browsers have a long and storied history of vulnerabilities that have provided attackers with a lucrative and near-endless supply of victims upon which to prey. Quarri Technologies, Inc., a Web information security software company, has identified some of the top vulnerabilities attackers use against browsers.

Note: This slideshow is focused on browser vulnerabilities, not website vulnerabilities (SQL injection attacks, XSS, XSRF, et al). The distinction is subtle but important.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

PAM PAM Solutions: Critical to Securing Privileged Access

To protect the company from those insiders who abuse their privileged access and from hackers with stolen credentials, many companies are turning to a privileged access management (PAM) solution. ...  More >>

Fake news How Can We Fix the Fake News Problem?

Is fake news a security issue? Some say yes, as it can be used as a social engineering tool to spread disinformation and conceivably to get unsuspecting users to click on malicious links. ...  More >>

blockchain The World According to Blockchain

Blockchain comes with many costs and is surrounded by confusion. Here, we examine realistic use cases, drawbacks and the potential of blockchain. ...  More >>

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.