Now this is something new. According to NSSLabs, over 50% of malware infections occur via internet download. In the recent study they have tested 6 most popular web browsers to see how well they protect surfer against web based malware.
Effectiveness results (more is better)
Internet Explorer 8 (RC1) – 69%
Firefox 3.07 – 30% Continue Reading
“He won a cash prize and got to keep the hardware. Details of the vulnerability, which was described by contest sponsor TippingPoint ZDI as a “brilliant IE8 bug!” are being kept under wraps.
“Nils” also scored a clean hit against Apple’s Safari (he was the second hacker to exploit Safari) and, later in the afternoon, he exploited a Firefox zero-day flaw to claim the trifecta.”
In case you are interested, Mac was hacked in 10 seconds.
Nothing about Opera or Chrome yet.
“eBay scammers have been exploiting unpatched vulnerabilities in the Firefox and Internet Explorer browsers to deliver counterfeit pages that try to dupe people surfing the online auction house to bid on fraudulent listings.”
Continue reading at The Register
During 2008 Firefox reported 115 flaws. That’s more than Safari (32), Opera (30) and Internet Explorer (31) combined. However, Firefox fixes the issues way faster than any other company.
The research was made by Secunia. (see pdf)
A new Pwn2Own hack contest which should begin in the middle of the March 2009 is set to test Internet Explorer 8, Firefox, Safari and Opera web browsers running on Windows 7 Beta or RC.
Unlike previous year competition, where “white hackers” tried to hack computer operating systems (Mac OS was hacked first), this year it will focus on web browsers and mobile operating systems (Android, iPhone, Symbian, Windows Mobile, RIM).
More details should be announced within the upcoming weeks.
Infoworld inspected all the major web browsers and got some really interesting points to say about each of them.
Here are conclusions for each of the web browsers (also, links to full articles):
How Secure is Internet Explorer?
IE has no peer in enterprise deployment features. Using the Internet Explorer 8 Deployment Guide, administrators can deploy and configure more than 1,300 IE-related settings via Active Directory Group Policy or the Internet Explorer Administration Kit. It is the only browser in the review to support Kerberos authentication over the Web. Continue Reading
Guy Brian has discovered a new Safari vulnerability which affects Mac OS X 10.5 (Leopard) users who haven’t changed default feed reader preferences.
This vulnerability allows phishing sites to silently read all the user data from hard drive without him knowing that.
There is however a workaround for Safari users on Windows OS. Continue Reading
Google Chrome Continue Reading
Now here is something quite informative. Browser Security Handbook published by Google.
As Google explains, the document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers.
The following browsers are included: Continue Reading