Browser Threats

A web browser is software application that enables a user to display and interact with text, images and other information typically located on a web page at a web site on World Wide Web (www) or on local network.

As the primary interface between a user's computer and the internet, browsers have become the main target for people seeking to steal personal and financial information that may be used for various criminal activities.

1. Cookies
2. Active-X and Java
3. Eavesdropping
4. Man in the Middle
5. Spyware
6. Malicious Scripting
7. Tips for the Browser Security

Cookies are packages of text characters sent by a server to a user through the latter's web browser, which are saved by a browser to the user's hard disk. Every time a user accesses that particular server, the cookie kicks in, automatically logging him to the server without the need for a laborious authentication process.

When in transit from browser to the server, other users send out packet sniffers which can read network traffic. The owner of the packet sniffer proceeds to steal other network users' cookie information. Aside from packet sniffing, cookies and the sensitive information they contain can also be stolen if the browser has been directed through the use of scripts to send out cookies not only to the intended recipient server but to other unauthorized servers as well.

ActiveX, Java and JavaScript are 'scripting languages' or a set of instructions that allow content provided by a website or server to run on a user's computer's systems.

JavaScript was developed by the programmers who built the Netscape browser. ActiveX is Microsoft's answer to Java and is needed to run many of the programs created for the Windows OS (e.g. Acrobat Reader, Windows Media Player, and the like).
JavaScript and ActiveX are inherently harmless and are aimed only at enhancing a computer user' convenience, if they come only from trusted websites. When malicious scripts are allowed access to a web browser, they can be exploited to steal confidential user information, install tracking information, and other malicious software in the user's computer. The inexperienced user is not likely to notice that his web browser is running scripts without his knowledge
Phishing Threat

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication and mostly they may use browsers for doing the same.

Passive listening to browsing activity in general is a possible attack. The attacker is sometimes known as Eve and very hard to validate eavesdropping attacks

Spyware

Spyware is computer software that is installed surreptitiously on a personal computer through browser to collect information about a user, their computer or browsing habits without the user's informed consent.

Some web sites contain malicious scripts, active content or HTML that will attempt to trick the visitor into providing information or performing an action that will enable the attacker to gain some privilege.