Paulo Renato

Browser Based Cyber Threats

After reading this article I think I should drop it here in order to raise awareness among us developers, because from my experience I know that a lot of them are not aware that when they browse a website they can be hacked while passively browsing its content, even when the site looks perfectly normal and behaves normally.

Quoting the article:

As an example of how a browser-based attack works, consider a scenario where a Windows user visits a seemingly benign but now malicious website, possibly one he or she has visited before, or as the result of an enticing email. As soon as a connection occurs, the user’s browser begins interacting with the site. Assuming the system is using JavaScript, which according to research firms like Web Technology Surveys, 94% of all websites do and over 90% of browsers have it enabled, the browser will immediately download and start executing JavaScript files from the malicious website.

Several techniques that use JavaScript can be used, as in the British Airways or TicketMaster hacks by the well-known cyber criminals MageCart.

But JavaScript is not the only vector used for browser attacks; Flash or PDFs can also be used to exploit your browser's vulnerabilities.

So all these types of browser attacks will be used to exfiltrate data as you type it, like the credentials to log in to your bank account, or to permanently infect your computer with malware or ransomware.

So we must be suspicious when a page takes too much time to load or keeps the spinner active in the tab, and hit F12 to look at what it is doing.

I use 9.9.9.9 in conjunction with Steven Black Hosts File to resolve DNS in order to protect me from sites that are considered dangerous (I will do an article later on this setup). Other alternatives exist for the same purpose, but they require active software running on my network and I am not feeling confident in allowing it. I also use Firefox with tracking protection always enabled.

Oh, did I mention that the load time of the pages I visit is now much faster, and free of tracking and ads?

Top comments (3)

Ondrej
You mean Firefox ESR? Would not recommend, switch to Chrome instead if you want good advice.

Also, we have discussed it here.

Ondrej

The article is focused on the Tor Browser, but mainly discusses security holes in Firefox ESR (on which TB is based).

Paulo Renato

I only use the normal release of Firefox in Ubuntu.

Currently Firefox Quantum 63.0.3
