What is a Man in the Browser Attack?

Browser vulnerabilities exist because of the limits of programmers' skill and experience, and of the security technology available at the time the software was written, so shortcomings in the program are inevitable. When a situation arises that the design did not take into account, one that seems reasonable but that the program cannot actually handle, the result is an unforeseen error.

Browser Vulnerability

Chinese name: Browser Vulnerability
Status quo: One of the most widely used software
Results: All come from the user's browsing of web traps

The reason
When hackers carry out network attacks, the main target is not the operating system but the browser running on it. Microsoft's IE browser is said to be under attack from all sides, and virus attacks that exploit IE vulnerabilities have caused losses for many users. Many browsers now ship versions for several operating systems, and browsers used on Windows can also be used on other systems, so whichever operating system you use, attackers can find a way in through your browser. Because all current web browsers have various vulnerabilities, they are among the targets most exposed to attack. The Common Vulnerabilities and Exposures (CVE) bulletin lists more than 300 browser vulnerabilities, covering dozens of products.
The Web browser is one of the most widely used pieces of software in the entire network environment. Despite the constant efforts of various vendors to introduce new, better-performing and more secure Web browsers - for example, Google has recently launched a browser called "Google Chrome", and Microsoft is currently testing a new, well-known for"
According to statistics from security experts, 80% of computer virus infections come from users browsing booby-trapped web pages, which shows that web page attacks have become one of the main methods of hacking. Once such an attack succeeds, the user's computer shows abnormal behaviour: the system runs more slowly, the browser is forced to visit a particular website, the default home page is changed, and the browser title is changed.
Does anyone think that the "higher security" Firefox is immune to all attacks? The answer is the complete opposite. In fact, Chrome or IE8 without the Flash plug-in may be more secure. The problem, however, is not in the browser at all, but in the vulnerabilities of the browser's plug-ins!
Today's browsers integrate many complex software components such as ActiveX, Cookies, Plug-Ins, Flash Player, Java, and Acrobat Reader. These plug-ins extend the browser's capabilities, such as image processing, a user-friendly interface, and various animations. In fact, many websites require users to install additional software to support these features, and most browsers are set by default to run these bundled programs automatically. Apart from the Web browser itself, every additional application it runs may contain further flaws and vulnerabilities, increasing the user's security risk.
ActiveX
ActiveX is a plug-in technology used by Microsoft IE. It has various vulnerabilities and operational problems. The most recent vulnerability was discovered in the Microsoft DirectShow Video ActiveX Control last July. Pass-through attacks used this vulnerability to trap thousands of websites, causing endpoint devices to be infected with malware and putting companies at risk of data leakage.
Java
Java is an object-oriented programming language used to support animated content on the Web. Many software applications that use Java have security vulnerabilities that allow arbitrary code to run and give attackers the user's privileges.
Plug-ins
Plug-in applications are programs commonly used in Web browsers. They may have programming and design flaws that expose them to, for example, cross-domain attacks and buffer overflow attacks. Adobe Flash Player is one plug-in that was attacked multiple times last year.
In addition to using the necessary protection software, Internet users and administrators should regularly patch and update their browsers to make sure they are running the latest version. Browser plug-ins and related applications should also be patched regularly. The ultimate protection is for users to limit browser functions and configure the security settings so that Java applets, JavaScript, VBScript, and ActiveX controls do not run automatically. This reduces the risk of attacks through vulnerabilities in those features.
Internet Explorer is used by nearly everyone who goes online, but it is also the springboard and tool that hackers most commonly use to attack others. Learn about the following IE vulnerabilities and how to prevent them, so that you are not hacked without knowing it.
Vulnerability in IE5.0 when accessing FTP sites (Windows NT system)
When surfing the Internet, many users visit FTP sites to upload files. But when you enter your username and password, you are also handing them to others without reservation, because the username and password are not encrypted and are stored directly in the history as plain text. The specific locations are as follows:
English version of IE:
c:\winnt\profiles\[username]\history\history.IE5\index.dat and c:\winnt\profiles\[username]\history\history.IE5\mshist...\index.dat
Chinese version of IE:
c:\winnt\profiles\[username]\cookies\index.dat
Normally, only administrators and the owning user can access and modify the directories mentioned above. The index.dat file, however, is accessible to anyone: it carries the Everyone: Full Control permission. By default the "Bypass traverse checking" right is assigned to every group, which means that each user can reach the index.dat files of other users.
Remedy:
1. Remove the Bypass traverse checking right from all users other than the administrator.
2. Delete the password-related information in the history.
3. Set access controls on the directories and files of each user's profile so that only administrators and owners can access them.
4. When uploading, use software such as CuteFTP rather than IE directly.
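The check behind remedy step 3, as an added example that is not part of the original article: a PowerShell audit that lists every index.dat under a profile root whose ACL grants access to anyone other than the owner or an allowed principal. The default root follows the article's path; treating Administrators and SYSTEM as the only allowed non-owner principals is an assumption of this example.

```powershell
# Added example (not from the original article).
# Lists ACL entries on index.dat files that grant access to principals other
# than the file owner, Administrators or SYSTEM (the allow-list is an assumption).
param(
    # Profile root from the article; override for other Windows versions.
    [string]$ProfileRoot = 'C:\WINNT\Profiles'
)

$allowed = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')

function Get-ExcessiveAce {
    param([string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Deny entries only restrict access, so they are not findings.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $who = $ace.IdentityReference.Value
        if ($who -eq $acl.Owner -or $allowed -contains $who) { continue }

        # Anything left (for example Everyone with FullControl) is a finding.
        [pscustomobject]@{
            Path      = $Path
            Identity  = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# index.dat is normally hidden, so -Force is required to enumerate it.
Get-ChildItem -LiteralPath $ProfileRoot -Recurse -Force -File -Filter 'index.dat' -ErrorAction SilentlyContinue |
    ForEach-Object { Get-ExcessiveAce -Path $_.FullName } |
    Sort-Object Path, Identity |
    Format-Table -AutoSize
```

An empty result means no index.dat under the root is readable beyond its owner and the allowed principals; inherited findings point at the parent directory's ACL as the place to fix.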
IE5.0 ActiveX Vulnerability
To extend its functionality, IE5.0 adds support for ActiveX controls, which can create and copy files on the client. If the other party has bad intentions and wants to hack you, this is an extremely convenient shortcut! When an IE user clicks a hyperlink on a web page, an attacker can place an executable program, carried in an HTML application file, on the user's hard disk and modify the registry so that the program runs automatically the next time the machine restarts ...
Remedy:
1. Set the security level of IE to high.
2. Disable ActiveX controls and plug-ins.
3. Block Active scripting.
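To verify remedy steps 2 and 3, the following added example (not part of the original article) reads the IE Internet zone settings from the registry and reports whether ActiveX controls and Active scripting are disabled. It assumes the standard IE zone layout, in which zone 3 is the Internet zone, action 1200 is "Run ActiveX controls and plug-ins", action 1400 is "Active scripting", and a value of 3 means disabled.

```powershell
# Added example (not from the original article).
# Reports the Internet zone (zone 3) setting for the two features the remedy
# turns off. Values: 0 = Enabled, 1 = Prompt, 3 = Disabled.
$actions = [ordered]@{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}
$meaning = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Policy locations are listed first because policy can override user settings.
$zone = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$locations = @(
    "HKLM:\Software\Policies\$zone"
    "HKCU:\Software\Policies\$zone"
    "HKCU:\Software\$zone"
    "HKLM:\Software\$zone"
)

$report = foreach ($key in $locations) {
    # A missing key is normal (for example, no policy configured).
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($id in $actions.Keys) {
        $raw = if ($props) { $props.$id } else { $null }

        if ($null -eq $raw) {
            $state = 'Not set'
        } elseif ($meaning.ContainsKey([int]$raw)) {
            $state = $meaning[[int]$raw]
        } else {
            $state = "Other ($raw)"
        }

        [pscustomobject]@{
            Location = $key
            Action   = $actions[$id]
            State    = $state
            Hardened = ($raw -eq 3)
        }
    }
}

$report | Format-Table -AutoSize
```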
Using IE5.0 to attack system vulnerabilities:
The following is a piece of HTML code for Windows 98. Although it is only five lines long, browsing a web page written with it is enough to hang your machine, and if you are online it will drop you off the network.
In December 2009, a round of cyber attacks called Operation Aurora caused serious violations of the intellectual property rights of dozens of companies. The incident drew attention to the security of Internet browsers. Check Point pointed out that all web browsers currently have a variety of vulnerabilities and are among the targets most exposed to attack. Users must stay vigilant: a thousand-mile embankment can be breached by a single anthole.
