Security Busters: Web browser security vs. rogue sites

Security Busters: Web browser security vs. rogue sites

URL blacklists are used by the majority of modern web browsers as a means to protect users from rogue web sites, i.e. those serving malware and/or hosting phishing scams. There is a plethora of URL blacklists/reputation services, out of which Google’s Safe Browsing and Microsoft’s SmartScreen stand out as the two most commonly used ones. Frequently, such lists are the only safeguard web browser...

Extensible Web Browser Security

In this paper we examine the security issues in functionality extension mechanisms supported by web browsers. Extensions (or “plug-ins”) in modern web browsers enjoy unlimited power without restraint and thus are attractive vectors for malware. To solidify the claim, we take on the role of malware writers looking to assume control of a user’s browser space. We have taken advantage of the lack o...

Web Browser Security Update Effectiveness

Improving the Usability of Web Browser Security

Existing Web browsers handle security errors in a manner that often confuses users. In particular, when a user visits a secure site whose certificate the browser cannot verify, the browser typically allows the user to view and install the certificate and connect to the site despite the verification failure. However, few users understand the risk of man-in-the-middle attacks and the principles b...

Security Flaws in the Hotjava Web Browser

The growth of the Internet and the World Wide Web has led to demand for Web extensions, such as the ability to run server-supplied code on a Web client. We examine the HotJava Web browser and the Java language in which it is implemented. We demonstrate several attacks that compromise HotJava's security. Some of these attacks are made possible through browser code that fails to enforce access pe...