Browser Threats

Updated on 3rd October 2018
By piyush

Browsers today are pretty much on par with an OS in functionality, but they are still not as secure as your OS.

i) The information going out onto the internet includes:

  • Your device information, which forms the unique fingerprint of your device.
  • The web pages you visit.
  • Your behavior analytics, i.e. your behavior/response to given content on a web page, which helps them predict your likes/dislikes so as to target you with content/ads relevant to you.

Combined, the three items above are enough for website owners to exploit, as we saw in the recent Facebook Cambridge Analytica leak.
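As an added illustration (not code from the original post), the JavaScript below shows how individually common device attributes add up to a fingerprint that singles out one device, measured in bits of identifying information. The population size, attribute names, values and frequencies are constructed assumptions, not measurements.

```javascript
// Hypothetical visitor population and attribute frequencies (constructed, not measured).
const POPULATION = 1000000;
const FREQ = {
  userAgent: { "Firefox 62 / Windows 10": 1 / 64, "common UA": 1 / 4 },
  screen:    { "1920x1080": 1 / 4 },
  timezone:  { "UTC+05:30": 1 / 16 },
  fonts:     { "312 installed fonts": 1 / 2048, "default font set": 1 / 4 },
  plugins:   { "3 plugins": 1 / 512, "none": 1 / 2 },
};

// Surprisal in bits: how far one observed value narrows down who you are.
function bits(attribute, value) {
  const p = FREQ[attribute] && FREQ[attribute][value];
  if (!p) throw new Error(`no frequency for ${attribute}=${value}`);
  return -Math.log2(p);
}

// Total identifying bits, treating attributes as independent. Real attributes
// correlate, so treat the total as an estimate rather than an exact figure.
function fingerprintBits(profile) {
  return Object.entries(profile).reduce((sum, [a, v]) => sum + bits(a, v), 0);
}

// Expected number of visitors in the population sharing this exact fingerprint.
function expectedAnonymitySet(profile) {
  return POPULATION / 2 ** fingerprintBits(profile);
}

// Below one expected match, the fingerprint alone singles out the device.
function isLikelyUnique(profile) {
  return expectedAnonymitySet(profile) < 1;
}

// Two constructed profiles: one exposing rare values, one exposing common ones.
const DEFAULT_PROFILE = { userAgent: "Firefox 62 / Windows 10", screen: "1920x1080",
  timezone: "UTC+05:30", fonts: "312 installed fonts", plugins: "3 plugins" };
const REDUCED_PROFILE = { userAgent: "common UA", screen: "1920x1080",
  timezone: "UTC+05:30", fonts: "default font set", plugins: "none" };

for (const [name, p] of Object.entries({ DEFAULT_PROFILE, REDUCED_PROFILE })) {
  console.log(name, fingerprintBits(p).toFixed(1), "bits,",
    expectedAnonymitySet(p).toFixed(4), "expected matches, unique:", isLikelyUnique(p));
}
```

What counts is how common each exposed value is: a spoofed value that few other visitors share adds bits instead of removing them.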

ii) Client-side vulnerabilities: Your browser activity leaks enough information about your environment for an attacker to perform client-side exploitation.

iii) Phishing: Is your browser secure enough to protect you from visiting malicious links?

iv) Scams/frauds: Does your browser alert you before you end up clicking on a scam website?

v) Adware: Malware often creeps into the system with persistent ad trackers that follow you throughout your browsing experience.

MITIGATION MEASURES:

i) Addons/Extensions:

The add-ons listed below are available for Firefox. The same or similar add-ons are available for Chrome as well.

  • Use ad blockers:
    uBlock Origin is a good one to have for a fast & focused browsing experience.
  • Anti-trackers to resist activity tracking:
    TrackMeNot does it pretty well.
    Don't track me Google is another one.
    Privacy Badger automatically learns to block invisible trackers.
    User Agent Switcher also helps with the same, to some extent.
  • Self-Destructing Cookies: Self-Destructing Cookies ensures that cookies persist only as long as you need them.
  • History cleaners: One Clean clears your cache, cookies, history data and HTTP basic auth data in a single click.
  • Pop-up blocker: Adguard is popular for blocking unwanted pop-ups.
  • Anti-JS: Oftentimes, JavaScript in web pages is used for malicious purposes. NoScript can be enabled before visiting a site you suspect.
  • Trusted Browsing: Trusted Browsing pretty much locks the active components of the site, to prevent anything malicious from getting executed. Enable it before visiting a site you suspect.
  • WOT (Web of Trust): WOT indicates the trustworthiness of sites in Google results & alerts you before you visit any untrusted site.
  • HTTPS Everywhere: HTTPS Everywhere automatically uses HTTPS security on many sites.
  • Anti-cryptocurrency miner: MinerBlock blocks cryptocurrency miners all over the web.

Once you have reasonably secured your browser, the Electronic Frontier Foundation's Panopticlick can be used to test your browser's security.

The images below demonstrate browser security with & without the above add-ons.


[As we can see, Panopticlick indicates that the browser without add-ons is the less secure one]


[In the 1st YouTube image you don't see ads/pop-ups, compared to the 2nd one]

ii) Browsing habits/hygiene:

  • Phishing awareness: It helps to know how phishing can cause you damage.
  • Untrusted sites/links: After a decent amount of browsing experience, you should be able to distinguish between a trusted & a shadowy website. Stay aware!

iii) Privacy care:

  • Leaking your identity information, such as email IDs/contact numbers, on sites you rarely use or don't trust is not a good habit to fall into.
Piyush Tekade
Security Researcher at QOS Technology
