Private web browser modes not as anonymous as you might think

09 August 2010

With the latest web browsers including a 'private' or 'anonymous' mode, you might think that you'd be relatively safe surfing to websites with a dubious reputation. But, according to researchers with Stanford University's computer science security lab, this isn't actually so.

According to a research paper due to be presented at the Usenix Security Symposium later this week, the anonymous features of the 'big four' browsers – Chrome, Firefox, IE and Safari – are not as secure as users might think.

The paper observes that "current private browsing implementations provide privacy against some local and Web attackers, but can be defeated by determined attackers".

Reporting on the paper over the weekend, CNET writer Seth Rosenblatt says that items such as 'visited-site history, cookies, search history, download history, web form data, and temporary files' are not recorded on the user's PC.

The security problem, says the Stanford University research paper, stems from the add-ons that users choose to install in their favourite web browser.

According to CNET's Rosenblatt, under Mozilla Firefox, half of the top 32 JavaScript-only extensions wrote data to the user's hard drive that a hacker could later uncover.

"The study actually looked at the top 40 Firefox add-ons, and treated any binary extensions as unsafe in private browsing mode because of what the study called the inherent difficulty in parsing their arbitrary read-write behaviour", he said.

Similar problems exist with the private modes of the other three mainstream web browsers.

The good news, Infosecurity notes, is that Opera appears to be immune from this issue in its private browser mode, mainly because it doesn't use extensions, but opts for 'widgets' that are memory sandboxed from the main browser code.

The Stanford University research paper makes the following useful observation: "The browser is the gateway to the internet for many consumers. Ensuring that browser privacy controls are easy to find and simple to use is one crucial component of empowering consumers to maintain their privacy online."

"Improvements in this area cannot replace the need for a robust national privacy law, but they go a long way towards putting consumers in control of their own data."
