Web browsers need a built-in firewall....
As long as they try to become an OS, they need it too... all the WebXXX features are just too dangerous to let code you download from external sources use them.
Ben Seri and Gregory Vishnepolsky, threat researchers at Armis, have found a way to expand upon the NAT Slipstream attack disclosed last year by Samy Kamkar, CSO of Openpath Security. The original NAT Slipstream potentially allowed a miscreant to access any TCP/UDP service tied to a victim's machine by bypassing the victim's …
(What legitimate activities require scripting in the browser instead of in the server?)
It is possible to use The Register with scripting disabled - why can that not become the norm for all sites?
Whilst that's true, the solution is to fix the exploits the scripts use, not simply ban third-party ads and assume the problem will go away. (Of course, banning 3rd-party ads is great for other reasons!)
I use relatively obscure private LAN addresses for my internal hosts. It turns out, thanks to WebRTC, that makes it easy to fingerprint me :-(
> "Every browser security bug that I can remember"
Oh, the naivety of youth! I can remember multiple image codec bugs which were exploitable through browsers. Yes, a pure (ASCII) text-only internet experience would probably be safe, but also pretty boring. Graphics improve the experience, while introducing risks. Scripting even more so.
Flash, however, made the experience worse and introduced a lot of risks. Thankfully that's dead now.
Hardly a youth (unfortunately!) - I am 67 next month and I started in computing about the same time as Intel produced the 4040 - well before Microsoft started.
Among the older computers that I have used: IBM 360/65, Data General Nova 2, PDP-11 (multiple types), VAX and MicroVAX (multiple types), Alpha, 68000/68020/68030, 8086/286/386. How many of the readers here remember using an ASR-33 to prepare a paper tape?
The solution is IPv6, but indirectly.
Once you get used to the fact that NAT (e.g. public to private IP addressing, specifically) is not a security boundary, people will (should) tighten up their overall IT security stance.
RFC1918/3927 has made people complacent and soft.