Security By Obscurity Doesn't Work Anymore

Security By Obscurity Doesn't Work Anymore

It used to be fairly straightforward choosing a browser. Internet Explorer came bundled with everything, a few hardy souls got on the Firefox bandwagon early, Apple freaks used Safari, and Ron Paul voters used Opera. Since hackers concentrated their attention on the target-rich environment of massed IE users, everybody else benefited from "security by obscurity." No more, it seems. Bad people are finally wising up to the fact that lots of people are using non-Microsoft browsers now. Enough to make it worth stealing from them -- or annoying them, anyway.

Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.

So forget the idea that just because you've switched to a new browser, you're magically safer. You may be for a time, but to stay safe with any software, you need to keep current with fixes.

In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes. The folks at Mozilla recently released two Firefox updates in less than six weeks, fixing a total of five critical security vulnerabilities. All five can be exploited by planting a poisoned JavaScript file in a Web site and waiting for you to stumble across it.

Mozilla and Apple seem to be doing a good job releasing patches to deal with the security holes as they appear, but the article also mentions a particularly nasty way to pick up a Safari virus: If you forget to uncheck a box during an iTunes update, Apple is going to give you the Safari browser whether you want it or not. And if you don't update it because you don't know you have it, you won't receive the patches they release to protect their users from such attacks. And no snickering from IE users, please; hackers have just turned their attention to attacking MS Office instead of the browser. Be careful out there, people!
0
+ -

I believe that there are a lot of Internet Explorer users out there that don't have the latest security updates, AND there are probably a lot of IE6 users out there that haven't upgraded to the more secure IE7. Why is this? Well, it is probably because they are using a pirated version of Windows, or maybe it is because they have used an official Windows XP install CD and used WPA-Kill to satisfy the Windows activation nag (because they have installed the same serial # on more than one PC). If you are one of these people, do yourself a favor and use Firefox (or similar browser) and let it update automatically. If you do this there is a good chance that you will have a safer online experience. And use a firewall, too!

0
+ -

Super Dave:
I believe that there are a lot of Internet Explorer users out there that don't have the latest security updates, AND there are probably a lot of IE6 users out there that haven't upgraded to the more secure IE7. Why is this? Well, it is probably because they are using a pirated version of Windows, or maybe it is because they have used an official Windows XP install CD and used WPA-Kill to satisfy the Windows activation nag (because they have installed the same serial # on more than one PC). If you are one of these people, do yourself a favor and use Firefox (or similar browser) and let it update automatically. If you do this there is a good chance that you will have a safer online experience. And use a firewall, too!
 

 

or how about this the IT department at the company you work for can't get the company's poorly coded internal web apps to work under IE7 and the development platform doesn't support Firefox at all as it requires an ActiveX control to work. its funny I keep running into this sort of thing.

Login or Register to Comment
Post a Comment
Username:   Password: