What are the basics of a Web browser exploit?
John Strand explains how attackers target a flaw in either the browser or in an application that the browser calls to process a Web request.
An attacker can also target an application that the browser uses to properly render a website. For example, an attacker can attack RealPlayer, QuickTime, or even the victim's antivirus program.
Next, an attacker can submit a malicious Javascript request to the browser, a technique also known as cross-site scripting (XSS) or cross-site request forgery (XSRF). In addition to XSS and XSRF, a creative attacker can gain access to a victim's browsing history, or what is currently in the victim's clipboard. The contents can include the user's password or credit card numbers. The tool that best articulates these attacks is the Browser Exploitation Framework by Wade Alcorn at bindshell.net.
Defense against these types of threats should always focus on educating users not to click on links from strangers and to be wary of certificate errors. Security managers should spend some time considering which websites users need to go to do their jobs. Also consider developing a white-list approach to user Web access. The filtering would permit users to only access websites that are approved, while blocking everything else.
More information:
- Researchers at this year's Black Hat 2008 conference revealed how to use the browser to elude Vista memory protections.
- Get the latest browser security news and expert advice.