Tag: browsers

Browsers don’t matter?

The most secure browser is still as weak as the operating system it runs on (or something like that).

All Web browsers are insecure to some degree, though, because they all must work with flawed code in the operating systems. There are some indications of progress, such as frequent patches from Microsoft and Mozilla to close security holes. Still, these actions may be too little too late if a zero-day exploit is the attack weapon.

I think you still have choices, as some browsers are more prone to hammering than others. Firefox doesn’t get it like IE, and Safari gets it even less. Still, some argue that certain browsers are simply built better. Anyone have an answer for that?
(more…)

With fancy AJAX sites come fancy scripting bugs

How soon we all forget. Javascript vulnerabilities have been known for years. When they turned into a problem, browser developers added the option of turning off Java/Javascript, and placed said option on the privacy and security tabs of their browsers’ preference menus. People turned it off.

As I see it, a while later Google made Javascript kind of a “must have” when they introduced contextual ads – you can’t see any Adsense-based content ads if you turn off Javascript. Then developers rallied behind AJAX, as it made websites all kinds of dancing fancy, jumping around, menus a’ popin up and all that jazz.

Hackers enter stage left: AJAX can be tweaked to take over PCs.

“Ajax works under the covers to make websites really responsive, but criminals can just as easily use it under the covers to do some bad stuff.” – noted Billy Hoffman of SPI Dynamics, at Blackhat.

While you are being dazzled, someone may be stealing you blind. Yep, short-term memory.