IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [web-browser]

A web browser is an application which uses HTTP and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer and management.

1603 questions
0
votes
1 answer

JavaScript Malware attack vector

I've been reading a bit lately about pure JavaScript ransomware attacks. Sophos seems to imply that this a browser based attack and that you're infected by only visiting the site. I can't find any practical examples of how this might be achieved…
BanksySan
  • 111
  • 4
0
votes
1 answer

Which browser does not allow "remember me" option?

As all the modern common browsers like IE, mozilla, chrome overrides the "autocomplete=off" feature and ask to remember the username/password, is there any not-so-popular modern browser which does not even ask the user to remember the user…
one
  • 1,781
  • 3
  • 18
  • 45
0
votes
1 answer

Level of isolation that Chromium's "Guest Browsing" provides?

When using "add user" in guest browsing, what level of "isolation" does one get? If any? That is, I can log into google or facebook etc multiple times so I assume that at least cookies are separated yes but are those pages, or say adverts, or even…
user1840
  • 3
  • 1
0
votes
2 answers

Is powershell being executed from within Javascript a security risk?

One of our clients called after getting hit by a popup and being asked to call a number. This scam tatic has been growing faster and faster in terms of calls that we get. I was curious how they knew so much about the client's system, down to…
Jason
  • 3,086
  • 4
  • 20
  • 24
0
votes
2 answers

Secure website with unique machine certificate

Is it possible to allow access to a website only for specific clients on specific machines? I'm no security expert, but one idea I had is to generate a certificate that would work only on a specific machine (so if the certificate was stolen, it…
Shahin Dohan
  • 103
  • 2
0
votes
2 answers

Can YouTube thumbnails contain exploits?

I know that YouTube videos are processed by Google in order to prevent them from having any malware in them. But I was wondering, are image thumbnails processed in any way to prevent them, or at least, make it less likely that they contain browser…
user67447
0
votes
1 answer

Wouldn't looking at the address in the URL address bar in your browser defeat "tabnabbing"?

Considering this question about tabnabbing, and looking at both of the demos, located here provided by Sjoerd in his answer, and located here provided by Daniel in a comment, all I had to do was to take a look at the URL address bar in my browser…
Fixed Point
  • 211
  • 2
  • 7
0
votes
3 answers

SSL certificate: would this self-signed cert alternative be secure?

This article got me thinking: would the following alternative (using self-signed certs and a third party service) be less secure than the current CA hierarchy trusted by browsers? I quote: The really depressing part is that it would be trivial to…
a25bedc5-3d09-41b8-82fb-ea6c353d75ae
  • 228
  • 1
  • 6
0
votes
0 answers

How to exploit web browsers sandbox?

I have read a few articles about researchers being able to use flash or java vulnerability to bypass web browsers sandbox and hack a system. Can someone explain how such attacks work? Here is an example article Chrome Sandbox Cracker (2011). If…
Anurag
  • 917
  • 1
  • 7
  • 14
0
votes
2 answers

Can non-torrent-supporting browsers run torrent clients like jstorrent.com for Chrome?

I'm participating in a discussion on Quora where I argue that browser security means that JavaScript, ActiveX, and even Java applets, aren't allowed to act as torrent clients, even with the end user's permission. More specifically, I would think…
user1862
0
votes
1 answer

TLS1.0 to TLS1.2 (Browser vs Registry)

Question How does TLS protocol differ on registry and browser level? Context Many companies are migrating from protocol TLS1.0 (disabling this) to TLS1.2 (enabling it). I'm not sure how this differs on the registry level, and on browser level.…
George
  • 739
  • 1
  • 6
  • 22
0
votes
1 answer

Secure touch kiosk system without updates?

We have a discussion here, if an internet enabled kiosk system can be set up securely without updating the system regularly. The facts in short: We are developing a new software product which offers a "station version", means it runs as a kiosk…
tmprivat
  • 3
  • 2
0
votes
1 answer

Why am I getting fake virus alert pop-ups on Facebook?

This happens quite often. When I am browsing through safe websites suddenly a scary virus alert comes with a toll free number to call and it hijacks the browser. Sometimes I have to end the browser process from task manager to close the browser and…
beginner
  • 3
  • 1
  • 2
0
votes
1 answer

Address bar Spoofing

The exploit explained by security researcher Rafay Baloch that using characters like '|' or unicode characters like U+FE70, U+0622, U+0623 could lead to reversing of the site url and leads to various types of web attacks. I tried on Firefox 49 on…
ashish
  • 127
  • 1
  • 6
0
votes
1 answer

Why a pdf is opened when I click a url when the url specifies its a zip ?Is this link trustworthy?

So basically the href of the anchor tag is something like hxxtp://www.xxxx/xx.zip and the anchor tag text visible to user is something like xxxx.pdf ,when user clicks it Mozilla opens it as a .pdf but actually it is a .zip. My doubt: Why is firefox…
rebel87
  • 205
  • 4
  • 11
1 2 3
99
100