Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."

Download it now to read this article plus other related content.

3. User information
All three browsers allow the user to delete potentially sensitive information--history, off-line content (e.g., media player content in temp files), cookies, temporary files cache, registry modifications and other sensitive data.

    Requires Free Membership to View

Firefox 1.0.7
Firefox, as well as Netscape and IE 7.0, allow users to clear information such as history, cookies and cache. All sensitive information in IE 7.0 can be cleared with a single mouse click.

Unfortunately, all this deleted information is readily accessible using tools such as Undelete or ActiveWin. Deleting data may defeat the casual snoop, but don't depend on this feature for strong security. IE 7.0 has a nice feature that permits a user to delete all "sensitive" information via the click of a single button. Firefox and Netscape require a bit more navigation within the browser options tab. Netscape and IE both permit you to automatically schedule data deletion such as browsing history.

4. Multi-threading
All three browsers feature site-parsing engines that can spawn multiple threads for retrieving data and thus download faster (Firefox was the first to integrate this feature, a key to its early popularity). The security concern with multi-threading is the browser's ability to secure each of, say, 1,000 concurrent sessions spawned on a site. We tried to compromise individual tunnels using man-in-the-middle attacks to inject untrusted code, but all the browsers thwarted our attempts.

5. URL Obfuscation
An offshoot of the antiphishing capabilities in all of the browsers are their ability to identify sites that may be attempting to obfuscate their URL patterns. For instance, a malicious site that wants to get your credit card information might launch a browser window that looks exactly like your online bank. While it might look and feel like your Acme Bank site, www.acmebank.com, in reality, the hidden URL would have shown it was coming from the clever phony site, www.my-acmebank.com.

IE 7.0 requires each Web site to display its URL, while Firefox and Netscape still retain the option to hide the address bar. Additionally, IE 7.0 allows you to limit the URL character set to the language of your choice, thwarting hackers who use foreign characters to fool users. While the option to hide the address bar embraces user-friendliness, it limits the ability of administrators trying to centrally manage these configurations.

This was first published in January 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: