InfoSec Philippines

Information Security, Technology News and Opinions

Mostly Browser News, Dec 16, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 16, 2008

A couple of news items regarding browser security have been cropping up these days, mostly about Internet Explorer vulnerabilities.

(Heise) Zero day exploit for Internet Explorer is spreading
(Heise) Internet Explorer 6 and 8 also affected by zero-day vulnerability
(SC Mag US) Internet Explorer zero-day infection rates grow
(SC Mag US) New zero-day Internet Explorer exploit uncovered

One of the ways this risk can be mitigated (aside from not using IE) is removing Admin rights. Beyondtrust gives a webinar on how to eliminate Admin rights using their Privilege Manger here. For typical SOHO users, just make a limited user account and as much as possible, try not to use your Admin account.

For people that aren’t paranoid enough surfing the web and having the appropriate controls while doing so, this article on Heise Security online talks about the Fiesta exploit pack (yes the name is correct) which costs $850 and contains 25 different exploits designed to infect users when they VISIT a webpage.

A different article on the same website talks about Chrome being at the bottom in terms of password management. I personally do not recommend allowing your browser to remember passwords. Google Chrome fans might want to check out the Iron Browser which is a more secure version of Chrome. Speaking of Chrome being the most insecure browser for password management… Google has released a browser security handbook which talks about the security features of browsers and issues that could lead to weaknesses. The current version of the handbook covers IE 6, IE 7, Firefox 2, Firefox 3, Safari 3.2, Opera 9.62, Google Chrome 1.0.154.36 and the Android embedded browser.


Other InfoSec News:
(Times Online UK Blog) This woman sent Nigerian scam artists $400,000 – a fool or a victim?
(Computerworld) Apple patches 21 Mac OS X Vulnerabilities
(BBC) Inmate escapes German jail in box
(Wall Street Journal March 10, 2008 article) NSA’s Domestic Spying
(SC Mag US) Forecast: Security threats for 2009
(SC Mag US) The five myths of two-factor authentication


Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: