Security and the Net

News and opinions about security, the internet and more

Entries Tagged ‘browser security’

What if every major browser had the same bug?

Any security professional will tell you that diversity is a good thing; if you use enough different products, it is highly unlikely that all of them will have the same security issue. While this is mostly correct, Amit Klein at Trusteer just released a report (PDF) about a privacy issue that affects all major browsers […]

Leave a Comment

The downside of automatic updates

Just days after a report co-authored by Google claimed that the automatic update feature of the Chrome browser help improve security by silently installing patches without asking for approval from the user, the managed to demonstrate the downside of this approach.

Leave a Comment

Chrome the only browser to survive Pwn2Own

Of the four browsers that were targeted in this year’s Pwn2Own contest at CanSecWest, only Google Chrome wasn’t¬†successfully¬†hacked despite the $5000 reward offered: The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and FireFox. The Chrome browser gets a small nod for being impacted by one […]

Leave a Comment

Internet Explorer 8 released; is it really safer than other browsers?

Along with the release of Microsoft’s Internet Explorer 8, a report by research firm NSS was presented that shows the new version of Internet Explorer is better at protecting users from malware. The (Microsoft-sponsored) study looked at the blacklist features of all modern browsers, using real malware URL’s, over a period of several days. The […]

Comments (2)

About IE8’s clickjacking protection

When the first release candidate for Internet Explorer 8 was released, the accompanying press release mentioned it had the ability to protect users from clickjacking attacks “out of the box”. and that this was possible “without impacting compatibility”. Microsoft has just provided some additional details that show how this protection works; for now, it looks […]

Leave a Comment

All major browsers fixing bugs this week

This is a bad week for browser security; not only is Microsoft rushing out an emergency patch tonight, other browser makers are releasing their own updates as well as people worldwide go online to do their Christmas shopping. Opera released version 9.63 of their browser yesterday, fixing several security issues. The most critical ones allow […]

Leave a Comment

New browser attack: GIFAR files

At the Blackhat conference, a new attack agains webbrowsers was detailed: GIFAR files. These are files that look like a GIF image to the webserver, but like a Java program to the webbrowser. So, you might ask, what is the danger of this? To quote infoworld: To the Web server, the file looks exactly like […]

Leave a Comment