Companies encouraged to pay more attention to the security of the browser

News by Dan Raywood

More attention needs to be paid to the complexity of the web browser and its vulnerabilities.

Speaking at the SC Magazine Unknown and Emerging Online Threats conference, James Rendell, senior technology officer at IBM ISS, claimed that there was a need to realise how vulnerable the web browser can be in the hands of the unknown.

Rendell claimed that because the profile of the hacker had changed so much, from a teenager in a dark room with nothing to do to a professional criminal, the web portal should be considered a major security factor.

Rendell said: “The web browser is often the most complex piece of information running on a desktop, it has variations, mark ups, plug-ins, rendering engines, it is a complex piece of software and when we have complexity we have security vulnerabilities.”

He pointed at a recent report that showed that 55 per cent of vulnerabilities affected web-based applications. This, he claimed, showed that as an attacker, you would want your attack to be quick and work on as many platforms as possible and not to be patched.

Rendell said: “Browsers have vulnerabilities, so how do attackers attack them? The drive-by-download is popular as each frame is within a page, and many web pages have tiles, so the trick is to inject an iframe tag that unbeknown to me will look for content and if content is bad it will distribute malware. It can also modify what is being sent and rendered.”

Rendell concluded by claiming that things need to be made simple, and the simpler things can be made for users, the better.

