Wednesday, February 07, 2007

Security zone shortcomings

For those of you unaware or unfamiliar with browser security zones, the short story is that web sites can be classified into 'zones'. There's typically a zone for web sites you explicitly trust (such as your bank), a zone for local/intranet web sites (typical in a work environment), and then an Internet zone for everything else. The goal is to reduce the security privileges given to the Internet zone (i.e. restrict what the Internet at large can do to/with your browser), while having more relaxed restrictions for sites you trust (letting them perform more security-sensitive operations). In a perfect world, you would configure your browser to disable JavaScript, ActiveX, Flash, and all other excessive features in the Internet zone. This would reasonably protect your browser against any JavaScript-based attack (including attacks related to phishing and XSS) and likely curb direct browser exploitation through a native browser vulnerability.
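To check whether a machine actually has the Internet zone locked down the way the paragraph above recommends, here is an added audit script (not from the post or the linked article). It reads Internet Explorer's per-user zone settings from the registry, assuming the standard HKCU location and the documented URL-action IDs for Active scripting and ActiveX; the thresholds it flags are the post's recommendation, not a vendor default.

```powershell
# Audit the Internet zone (zone 3) settings of Internet Explorer for the current user.
# Zone action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$machine  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# URL-action IDs the post's advice maps to (the ones worth disabling in the Internet zone).
$actions = [ordered]@{
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1400' = 'Active scripting (JavaScript/VBScript)'
}
$state = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Caveat: if Security_HKLM_only is set, machine-wide (HKLM) zone settings win over HKCU,
# so the per-user values read below may not be the effective ones.
$hklmOnly = (Get-ItemProperty -Path $machine -ErrorAction SilentlyContinue).Security_HKLM_only
if ($hklmOnly -eq 1) {
    Write-Warning 'Security_HKLM_only is set; HKLM zone settings override what this script reads.'
}

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop
$findings = foreach ($id in $actions.Keys) {
    $raw = $zone.$id
    $label = if ($null -eq $raw) { 'Not set (browser default applies)' }
             elseif ($state.ContainsKey([int]$raw)) { $state[[int]$raw] }
             else { "Unknown ($raw)" }
    [pscustomobject]@{
        Action   = "$id $($actions[$id])"
        Current  = $label
        # The post's recommendation for the Internet zone is to disable all of these.
        Hardened = ($raw -eq 3)
    }
}

$findings | Format-Table -AutoSize
if ($findings | Where-Object { -not $_.Hardened }) {
    Write-Output 'Internet zone is NOT fully locked down per the recommendation above.'
} else {
    Write-Output 'Internet zone has scripting and ActiveX disabled.'
}
```

Run it in a normal user session; no elevation is needed to read HKCU, and the script changes nothing.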

Read the article HERE.
