Browser Based Cyber Threats

Paulo Renato - Sep 28 '18 - Dev Community

After reading this article I think I should drop it here in order to raise awareness among us developers, because from my experience I know that a lot of them are not aware that when they browse to a website they can be hacked while passively browsing its content, even when the site looks perfectly normal and behaves normally.

Quoting the article:

As an example of how a browser-based attack works, consider a scenario where a Windows user visits a seemingly benign but now malicious website, possibly one he or she has visited before, or as the result of an enticing email. As soon as a connection occurs, the user’s browser begins interacting with the site. Assuming the system is using JavaScript, which according to research firms like Web Technology Surveys, 94% of all websites do and over 90% of browsers have it enabled, the browser will immediately download and start executing JavaScript files from the malicious website.

Several techniques that use JavaScript can be used, as in the British Airways or Ticketmaster hacks by the well-known cybercriminals Magecart.

But JavaScript is not the only vector used for browser attacks; Flash or PDFs can also be used to exploit vulnerabilities in your browser.

All these types of browser attacks will be used to exfiltrate data as you type it, such as the credentials you use to log in to your bank account, or to permanently infect your computer with malware or ransomware.

So we must be suspicious when a page takes too much time to load or keeps the spinner active in the tab, and hit F12 to look at what it is doing.
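What that F12 check can look like in practice, as an added example (not code from the original post): a console snippet that groups the resources the current page loaded by origin and flags third-party origins that delivered scripts or received requests. The function names, the two-label "same site" heuristic and the sample entries are assumptions made for this illustration.

```javascript
// Added example: summarize third-party origins a page has contacted.
// Paste into the DevTools console (F12) of the page you want to inspect.

// Assumption for brevity: "site" = last two hostname labels. This is wrong
// for suffixes such as co.uk; real tooling should use the Public Suffix List.
function siteOf(hostname) {
  return hostname.split('.').slice(-2).join('.');
}

const OUTBOUND = ['xmlhttprequest', 'fetch', 'beacon'];

// entries: objects shaped like PerformanceResourceTiming ({ name, initiatorType }).
function thirdPartySummary(pageUrl, entries) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  const byOrigin = new Map();
  for (const e of entries) {
    let url;
    try { url = new URL(e.name); } catch { continue; }   // skip unparsable names
    if (!/^https?:$/.test(url.protocol)) continue;       // skip data:, blob:, ...
    if (siteOf(url.hostname) === pageSite) continue;     // first party
    const row = byOrigin.get(url.origin) || { count: 0, types: new Set() };
    row.count += 1;
    row.types.add(e.initiatorType);
    byOrigin.set(url.origin, row);
  }
  return [...byOrigin].map(([origin, r]) => ({
    origin,
    count: r.count,
    types: [...r.types].sort().join(','),
    loadsScript: r.types.has('script'),                  // code from this origin ran in the page
    sendsData: OUTBOUND.some((t) => r.types.has(t)),     // page made requests to this origin
  })).sort((a, b) => (b.loadsScript - a.loadsScript) || (b.count - a.count));
}

// Constructed sample entries (not real traffic), used when run outside a browser.
const SAMPLE = [
  { name: 'https://www.shop.example/app.js', initiatorType: 'script' },
  { name: 'https://cdn.shop.example/logo.png', initiatorType: 'img' },
  { name: 'https://fonts.vendor-example.test/a.woff2', initiatorType: 'css' },
  { name: 'https://stats.collector-example.test/t.js', initiatorType: 'script' },
  { name: 'https://stats.collector-example.test/c?d=abc', initiatorType: 'beacon' },
  { name: 'data:image/png;base64,AAAA', initiatorType: 'img' },
];

const inBrowser = typeof window !== 'undefined';
console.table(inBrowser
  ? thirdPartySummary(location.href, performance.getEntriesByType('resource'))
  : thirdPartySummary('https://www.shop.example/checkout', SAMPLE));
```

The Resource Timing buffer is limited in size and a page can clear it, so treat the result as a quick first look and confirm in the Network tab of the developer tools.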

I use 9.9.9.9 in conjunction with the Steven Black Hosts File to resolve DNS in order to protect me from sites that are considered dangerous (I will do an article later on this setup). Other alternatives exist for the same purpose, but they require active software running on my network and I do not feel confident in allowing it. I also use Firefox with tracking protection always enabled.

Oh, did I mention that the load time of the pages I visit is now much faster, and that they are free of tracking and ads?
