More attention needs to be paid to the complexity of the web browser and its vulnerabilities.

Speaking at the SC Magazine Unknown and Emerging Online Threats conference, James Rendell, senior technology officer at IBM ISS, claimed that there was a need to realise how vulnerable the web browser can be in the hands of the unknown.

Rendell claimed that because the profile of the hacker had changed so much, from a teenager in a dark room with nothing to do to a professional criminal, the web portal should be considered a major security factor.

Rendell said: “The web browser is often the most complex piece of information running on a desktop, it has variations, mark ups, plug-ins, rendering engines, it is a complex piece of software and when we have complexity we have security vulnerabilities.”

He pointed at a recent report that showed that 55 per cent of vulnerabilities affected web-based applications. This, he claimed, showed that as an attacker, you would want your attack to be quick and work on as many platforms as possible and not to be patched.

Rendell said: “Browsers have vulnerabilities, so how do attackers attack them? The drive-by-download is popular as each frame is within a page, and many web pages have tiles, so the trick is to inject an iframe tag that unbeknown to me will look for content and if content is bad it will distribute malware. It can also modify what is being sent and rendered.”

Rendell concluded by claiming that things need to be made simple, and the simpler things can be made for users, the better.