Security By Obscurity Doesn't Work Anymore

It used to be fairly straightforward choosing a browser. Internet Explorer came bundled with everything, a few hardy souls got on the Firefox bandwagon early, Apple freaks used Safari, and Ron Paul voters used Opera. Since hackers concentrated their attention on the target-rich environment of massed IE users, everybody else benefited from "security by obscurity." No more, it seems. Bad people are finally wising up to the fact that lots of people are using non-Microsoft browsers now. Enough to make it worth stealing from them -- or annoying them, anyway.

Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.

So forget the idea that just because you've switched to a new browser, you're magically safer. You may be for a time, but to stay safe with any software, you need to keep current with fixes.

In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes. The folks at Mozilla recently released two Firefox updates in less than six weeks, fixing a total of five critical security vulnerabilities. All five can be exploited by planting a poisoned JavaScript file in a Web site and waiting for you to stumble across it.

Mozilla and Apple seem to be doing a good job releasing patches to deal with the security holes as they appear, but the article also mentions a particularly nasty way to end up exposed to Safari attacks: If you forget to uncheck a box during an iTunes update, Apple is going to give you the Safari browser whether you want it or not. And if you don't update it because you don't know you have it, you won't receive the patches Apple releases to protect its users from such attacks. And no snickering from IE users, please; hackers have just turned their attention to attacking MS Office instead of the browser. Be careful out there, people!