Secure Your Browser Before Shopping Online

With Thanksgiving falling close to Christmas this year, online shopping will be a great way to avoid the crowds and take advantage of retail incentives, including free shipping and returns, and Cyber Monday deals. In fact, industry analyst firm Forrester reports that online holiday sales are expected to reach an all-time high.

But before you click on the hottest deals or submit your personal information online (shipping address, usernames, passwords and credit card numbers), make sure that your browser is well equipped to safely handle these transactions and safeguard your information.

Through our Qualys BrowserCheck online tool we have collected data from over 1.4 million user computer scans and their respective browsers. From this research, we have found that 39% of the tested machines have critical vulnerabilities.These vulnerabilities allow cybercriminals to take remote control of your machine, search your disk drive for valuable information, monitor all keystrokes and e-commerce transactions, and intercept private information, such as usernames and passwords, credit card numbers and bank account details.

Our data shows that even the most popular browser in our database, Chrome, has close to 40% of its instances afflicted with a critical vulnerability. Similar numbers apply to Firefox and Internet Explorer, which are less than 5% behind in popularity, but both have 35% and 41% of their instances vulnerable to attacks.

Browsers themselves are only partly to blame though; we see most of them quite up-to-date, with Chrome leading the pack with 90%, Firefox at 85% and Internet Explorer trailing with 75%. The larger part of the problems are contributed by the plug-ins that we use to extend the capabilities of our browsers, led by Adobe Shockwave and followed by Oracle Java and Apple Quicktime.

The lesson is clear: Keep your browser and its plug-ins updated to the latest software versions, and you can ensure that you are protected against the attacks that use these vulnerabilities. One easy way to do this is with our free, automated service, BrowserCheck. It works on PCs and Macs, and it takes just a few seconds to scan your system to determine whether your browsers, operating systems and applications need to be updated.

The results include “fix-it” buttons linking to the latest software download to update your system.

The service also includes automated daily scanning. Once selected, BrowserCheck will regularly scan your system transparently, behind the scenes, without interrupting you as you use the internet. If an issue is detected, an alert will pop up, taking you to the results page with the “fix-it” buttons.

This is a simple, easy way to automatically keep your system updated. If you like it, recommend it to your friends and family to help them keep their computers safe this holiday season.

Comment by: @voodooKobra via Twitter originally at: http://pastebin.com/h4Lj4jLF
This is an addendum to a Qualys blog post[1] about securing your browser. Checking browser plugins is a good idea (Mozilla has their own webpage that does that for you [2] ) I don’t think it’s sufficient to call your browser "secure" ;-)
First, get the HTTPS Everywhere extension for Firefox and/or Chrome. No browser is complete without it :-D
-> https://www.eff.org/https-everywhere
This will rewrite unsafe HTTP links to HTTPS if the website supports SSL/TLS. This means your communications will be encrypted on your browser and decrypted on the web server. (Communications such as, your credit card data!)
Second, install NoScript!
-> https://addons.mozilla.org/en-US/firefox/addon/noscript/
NoScript will let you selectively enable/disable Javascript on domains you trust/distrust and generally make life more difficult for people who might want to attack your browser. :-D
Third, get AdBlock Edge!
-> https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/
If you have Adblock Plus, uninstall it and replace it with ABE. ABE stops all ads, where as ABP only stops "unacceptable" ones. Because advertisers are often allowed to load third-party Javascript onto otherwise-secure pages, they’re an attractive option for someone who wants to infect your computer with malware. Also, ads are annoying.
Fourth, get Disconnect!
-> https://disconnect.me/
Disconnect makes it harder for companies to spy on your online behavior from one website to another. I highly recommend it.
And finally, get RequestPolicy.
-> https://www.requestpolicy.com/
RequestPolicy allows you to enable/disable third-party requests (images, videos, iframes, Javascript, etc.) and generally complements the security offered by the above addons.
There, now your browser is "secure". Next you should focus on securing your network and maybe using a VPN over Tor purchased with Bitcoins just to be safe? ;D
Other URLs referenced in this pastebin:
[1] – https://community.qualys.com/blogs/laws-of-vulnerabilities/2013/11/27/secure-your-browser-before-shopping-online
[2] – https://www.mozilla.org/en-US/plugincheck/

Reply to wkandek

Comments Cancel reply

wkandek says:

November 27, 2013 at 9:15 PM
1. Comment by: @voodooKobra via Twitter originally at: http://pastebin.com/h4Lj4jLF
3. This is an addendum to a Qualys blog post[1] about securing your browser. Checking browser plugins is a good idea (Mozilla has their own webpage that does that for you [2] ) I don’t think it’s sufficient to call your browser "secure" ;-)
5. First, get the HTTPS Everywhere extension for Firefox and/or Chrome. No browser is complete without it :-D
6. -> https://www.eff.org/https-everywhere
7. This will rewrite unsafe HTTP links to HTTPS if the website supports SSL/TLS. This means your communications will be encrypted on your browser and decrypted on the web server. (Communications such as, your credit card data!)
9. Second, install NoScript!
10. -> https://addons.mozilla.org/en-US/firefox/addon/noscript/
11. NoScript will let you selectively enable/disable Javascript on domains you trust/distrust and generally make life more difficult for people who might want to attack your browser. :-D
13. Third, get AdBlock Edge!
14. -> https://addons.mozilla.org/en-US/firefox/addon/adblock-edge/
15. If you have Adblock Plus, uninstall it and replace it with ABE. ABE stops all ads, where as ABP only stops "unacceptable" ones. Because advertisers are often allowed to load third-party Javascript onto otherwise-secure pages, they’re an attractive option for someone who wants to infect your computer with malware. Also, ads are annoying.
17. Fourth, get Disconnect!
18. -> https://disconnect.me/
19. Disconnect makes it harder for companies to spy on your online behavior from one website to another. I highly recommend it.
21. And finally, get RequestPolicy.
22. -> https://www.requestpolicy.com/
23. RequestPolicy allows you to enable/disable third-party requests (images, videos, iframes, Javascript, etc.) and generally complements the security offered by the above addons.
25. There, now your browser is "secure". Next you should focus on securing your network and maybe using a VPN over Tor purchased with Bitcoins just to be safe? ;D
27. Other URLs referenced in this pastebin:
28. [1] – https://community.qualys.com/blogs/laws-of-vulnerabilities/2013/11/27/secure-your-browser-before-shopping-online
29. [2] – https://www.mozilla.org/en-US/plugincheck/
Reply to wkandek

Related

Comments Cancel reply