Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements
KyleAdams

What Is Your Browser Doing behind Your Back?

by Juniper Employee on ‎07-29-2013 08:00 AM

Browsers have become extremely complex over the last few years, so does everyone fully understand everything a modern browser does?  Of course everyone is familiar with the point and click, redirections, forms . . . normal Web stuff.  What you might not know, is that your browser does a lot of things automatically without you asking it to.  These “helpful” features represent potential security risks, and it’s important that you are at least aware of them, so you can adjust your browsing behavior accordingly.

Behind Your Browser.jpg

 

The Trouble with Some Browser Optimizations

 

Modern browsers have a lot of optimizations to make sure your pages load quickly.  A few of the most interesting—and potentially harmful—optimizations are little known, but can represent serious breaches in privacy or undesired actions being taken without your knowledge.  Not necessarily because you are targeted by an attacker, but because you’re not aware that your browser is doing these things in the background.  

 

A few of these include:

 

1) DNS prefetching. DNS prefetching is a feature of most browsers that will look at all the links on a page, and automatically pre-resolve the DNS record.  In other words, it will look up the IP address those links point to so that when you click on them, it already knows where to send you.  However, if an attacker puts a hidden link on a page that points to their own domain and sets up his own DNS server, he can actually be notified when you view the page and get your IP address—even if you never click the link. This is bad especially in the case of emails and forums.  If an attacker puts a link in an email that used this technique, he can basically be notified when you read the email (without you being able to stop it).  Some webmail clients protect from this type of leak, but not all.

 

2) Page prefetching. In some browsers, most notably Chrome, when you type an address into the URL bar, it will actually go request the page before you finish typing.  In this way, the target server can tell what you type as you type it and, in some cases, it can accidentally request a page that causes some adverse action on the user.  For example, it might request the URL that deletes your account, even though you wanted a different URL that started with the same characters (an unlikely example, but hopefully you get the point).  So as you type, your account would get inadvertently deleted, and when you finish typing the full URL, your account won’t exist anymore.

 

3) Session Cookies.  Some browsers, most notably Chrome, do not delete session cookies when you clear your cookies.  This means that even if you clear your cookies, sites can still keep tracking you until you close your browser.  Most other browsers delete session cookies when you clear all cookies, so this behavior is somewhat unintuitive and unexpected.  It is something users should be aware of.

 

4) Plugins.  Many useful plugins exist for most browsers, but each plugin operates with an immense amount of privileges. They can look at everything you do, mess with content on your system, and make requests without you knowing. A great example is the plugins commonly shipped with antivirus applications. These plugins are designed to warn you when you visit a malicious page. However, in order for the AV vendor to know you’re visiting a malicious page, they need to know every page you do visit. This means that as you browse the Internet, the entire sum of your Internet activity is being silently shipped to a third party. Usually it’s a fairly trustworthy entity the data is being sent to, so not too much concern there, but if that company ever gets breached, it’s possible your entire browsing history (even after you clear it locally) would be exposed to the attacker. Worse yet, some of these plugins don’t bother encrypting such data, so it gets sent around in cleartext for anyone sniffing Wi-Fi traffic to look at. Users should be EXTREMELY cautious as to which plugins they install, and should make sure they understand what the plugin does in the background.

 

Post a Comment
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.