An attacker can also target an application that the browser uses to properly render a website. For example, an attacker can attack RealPlayer, QuickTime, or even the victim's antivirus program.
Defense against these types of threats should always focus on educating users not to click on links from strangers and to be wary of certificate errors. Security managers should spend some time considering which websites users need to go to do their jobs. Also consider developing a white-list approach to user Web access. The filtering would permit users to only access websites that are approved, while blocking everything else.
- Researchers at this year's Black Hat 2008 conference revealed how to use the browser to elude Vista memory protections.
- Get the latest browser security news and expert advice.
Dig Deeper on Application attacks (buffer overflows, cross-site scripting)
Related Q&A from John Strand
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign. Continue Reading
Expert John Strand reveals an interesting way of addressing man-in-the-middle attacks. Continue Reading
In this expert response, John Strand explains what to do when your personal identity is impersonated online. Continue Reading