Chapter 9. Internet Browser Attacks
Chapter 8 gave a brief introduction to the World Wide Web and Internet browser technologies. This chapter will discuss specific exploits based on those technologies and tell you the steps you can take to detect and prevent them.
Browser-Based Exploits
Microsoft reported a hundred vulnerabilities against their products in 2000 alone, most involving Internet Explorer. To Microsoft’s credit, they maintain a nice security web site and publish security bulletins (see Figure 9-1) to warn end users. Microsoft’s security web site and bulletins can be found at http://www.microsoft.com/security.
Figure 9-1. Example Microsoft security bulletin
For the most part, these holes have been closed, or will be closed by the time you read this book. The problem is that security holes keep being discovered at an alarming rate and not with less frequency. Learning about some of the past holes will teach you about what to expect in the future. Having followed Internet browser security since its inception, I can tell you many exploits will be back in some altered form. Chapter 9 does not discuss Java or ActiveX exploits, which are covered in future chapters.
Many exploits are available with little or no program coding. For example, some supposedly protected web sites can be accessed by simple manipulation of the browser. For example, the online banking site, Barclays
Get Malicious Mobile Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.