Sunday, August 12, 2007

Web Browser Attacks and Defenses

A big vector for attacks these days seems to be through web browsers. Unprotected, unpatched and widely used, the lowly browser takes a beating from hackers looking for the path of least resistance to someone's desktop. And why not? Nothing could be easier. Traffic bounces in unimpeded on port 80, unnoticed because it's just ordinary web traffic.

At Black Hat last week in Las Vegas, Dan Kaminsky and Robert Hansen showed how easy it is to penetrate internal networks through browsers. Kaminsky used an old exploit with a Java applet and Hansen used JavaScript to attack DNS in what's called "anti-DNS pinning."

I saw Hansen's presentation at Black Hat and the exploit was so easy, it was scary. Just a few lines of harmless -- yeah, right -- JavaScript code. I love JavaScript. I used to code in it about five years ago when it couldn't do much on a network. Now, with new features for AJAX and Web 2.0, it can be a lethal weapon. My, how times have changed.

Here's more from Information Week about Hansen's presentation, done jointly with Jeremiah Grossman, author of the recently released XSS Attacks. I call their technique scanning without scanning.

Here's an interesting article from Redmond magazine about protection against web attacks.

On a side note, I picked up a copy of Grossman and Hansen's XSS book at Black Hat. It's the only book completely dedicated to the subject.
