Language Selection

English French German Italian Portuguese Spanish

Safe browser an oxymoron?

Filed under
Web

In November 2003, the CERT Coordination Center first advised Web users to consider using a Web browser other than Microsoft Internet Explorer.

IE's problems at the time were pervasive, and many of them were rooted in its complicated architecture. Vulnerabilities in IE were being reported almost monthly, and users faced risk until Microsoft released updates.

By June 2004, attackers started targeting IE. Exploits appeared "in the wild" on Web sites that installed malicious software on visitors' computers. This trend culminated in a "zero day" IE vulnerability, disclosed in an attack where malicious software captured information typed into bank Web sites, giving attackers access victims' accounts.

Since then, two developments have occurred. First, Microsoft released security enhancements in its Windows XP Service Pack 2. Second, attackers have begun to exploit vulnerabilities similar to IE's in alternative browsers.

There is no silver bullet, no such thing as 100 percent secure. Security requires a balance between functionality and cost, and relies on concepts of trust and risk tolerance. With this in mind, here are some recommendations for safe Web browsing.

Full Story.

More in Tux Machines

Linux 4.0-rc2

So rc2 missed the usual Sunday afternoon timing, because I spent most of the weekend debugging an issue that happened on an old Mac Mini I have around, and I hate making even early -rc releases with problems on machines that I have direct access to. Even if it only affected old machines that actual developers are unlikely to have or at least use. Today I got the patch from Daniel Vetter to fix it, so instead of doing a Sunday evening rc2, it's a Tuesday morning one. Go get it. It works better for the delay. Other than that little one-liner i915 fix? Not much, actually. It's been a very quiet week, for being this early in the release process. Sure, 3.19-rc2 was even smaller, so it continues a trend, but that was the xmas week. I hope this low volume is just because the 4.0 merge window itself was somewhat calmer than most recent releases. But I suspect the real reason is that the driver and networking trees from GregKH and davem are pending, and didn't make rc2. We'll see. Anyway, the shortlog is appended, and testing is appreciated, Linus Read more

6 Linux-y announcements from Mobile World Congress

I earlier wrote about how Linux invaded CES 2015. The domination continues at Mobile World Congress, which kicked off this week in Barcelona. Here are some of the major announcements from MWC that show that Linux has become an unstoppable force. Read more

Jolla shows off Sailfish tablet, promises ultra-secure phone

Jolla released Sailfish OS 2.0, showed off the first tablet to run the OS, and announced plans with SSH to develop a security-hardened version of Sailfish. Read more

New Ubuntu Phone Separates the App from the Data

As CIO Journal has noted, Mr. Shuttleworth envisions the rise of an Ubuntu-powered phone that runs desktop grade applications and plugs into peripherals such as large displays and keyboards. In other words, he is working to achieve true mobile-desktop-laptop convergence — the only computer you need, in your pocket, all the time. He tried to raise $32 million to fund development of such a phone, known as the Edge, in a widely publicized crowdfunding campaign on Indiegogo. The campaign ended in 2013, short of its goal. Read more