Fatal attraction -- browsers and the beguiled

Commentary: It comes as no surprise that browser-based attacks have been identified as an emerging security threat in a recent study.

As part of its second annual survey on IT security and the workforce, The Computing Technology Industry Association (CompTIA) asked nearly 900 organisations to rank their top 15 security concerns.

The report revealed that 37 percent of the respondents experienced one or more browser-based attacks in the last six months. This represented a 12 percent increase from last year.

Browsers are increasingly being used as a weapon to sabotage PCs or compromise privacy. Some attacks simply crash a browser, while others pave the way for the theft of personal information or the loss of confidential proprietary data, CompTIA said.

In Australia, several reports have indicated that phishing scams have led users to unknowingly download keystroke logging software after accessing fraudulent financial Web sites disguised as the real thing. The Australian Bankers' Association has described the losses from these clandestine activities as "immaterial" compared with other forms of fraud.

The CompTIA survey made no mention of specific browsers but it's highly likely that Microsoft's Internet Explorer played a vital part. In fact, according to online analytics company OneStat.com, Microsoft's IE 4.0 and later versions command about 95 percent of the browser market. Mozilla, Opera and Safari share the remaining pie.

Microsoft, for its part, has been working on making its browsers more secure, especially after Danish security company Secunia highlighted an IE flaw which allowed hackers to display fake Web addresses. And after the latest IE-related vulnerability, Australia's national Computer Emergency Response Team (CERT) recommended that "Internet Explorer users avoid visiting Web sites of untrusted origin, or avoid completely the use of Internet Explorer, until a patch is available from Microsoft."

The software giant can spend millions to secure its products but no amount of money can substitute for common sense. Why are some Web users easier to con than others? And what's so "high-tech" about this type of crime? The fact that technology and the Internet are used to break the law doesn't make it any different from any other crime. If you don't lock your door, you're asking for trouble.

Online fraud is becoming commonplace, and the sooner industry bodies like the ABA realise this, the better -- bank robbers don't wield guns these days; the mouse and keyboard have, instead, become the weapons of choice.

Do you think browser-based attacks will pose the next significant risk to IT departments? How can these threats be prevented? Talkback below or e-mail your thoughts to edit@zdnet.com.au.
