Every day we hear about new vulnerabilities and online hacks. Hackers are hunting around to steal your important data. The most recent hack was from the XDA-Developers forum. Although no user details were compromised. Android smartphones have suffered from various vulnerabilities. And, we are all fighting an unending battle to protect our privacy online. So in the midst of all this trouble out there, what can you do to protect your data? What can an average Joe do? Do not panic. We have you insurance.
How safe can you be on the Internet? | shutter
We’ve shared some extensions for safe browsing on Chrome in the past. However, here in this tutorial, I want to go a little broader. I want to explain you the basics of in-browser security (no matter what web browser you use) and also add some great tips that will give you a complete safe browsing experience . This guide is simplified for Medium Joe.
Security basics
What is HTTPS?
Well, you can read about it on Wikipedia but I want to explain it here in really simple words. What HTTPS actually does is, it protects the communication between the server of the website you’re visiting (which has HTTPS) and the client (you’re using a PC). How does it guarantee that? Use encryption. Encryption basically just creates a secret new language that only the server and client can understand. That way, no one (not even a hacker) will know what’s going through the connection.
Not every website can get HTTPS/SSL certificates. Each and every content is analyzed first. And, necessary security checks are done. In addition, security checks are performed by all browsers. Some sites that attempt to make HTTPS connections have both encrypted and unencrypted content. That’s why you get errors like below.
Types of Attacks
Most browser-based attacks carried out by hackers use Javascript. Developers use Javascript to make their websites dynamic and do things (like those listed below) that HTML can’t do. For example, a window that pops up when a button is clicked. You can’t do it without Javascript. Here are some attacks that hackers can perform on your browser using a malicious website (website you don’t trust). There are many but these are the most prominent right now.
1. Click-Jacking
This is an attack that uses a button on a website. A malicious code is inserted when the button is clicked and when the user clicks the button, the code is executed. It doesn’t matter that you get your desired content when you click that button but it may also have inserted some other unwanted entity. Well, most browsers prevent such attacks. However, you need to be cautious before clicking the button on an untrusted website (Especially download and torrent links).
2. XSS (Cross Site Scripting):
Here, the hacker encodes the malicious content (javascript) in such a way that the user finds it trustworthy and uses that content and the code is executed, which will allow the attacker to get all the information. user login (like username, password, settings, etc.). For example, you are logged in to some website with username ‘Mahesh’ and you receive a message from ‘Suresh’ (which contains malicious javascript encryption) and when you read the message the script will be execute and now an attacker can easily perform hijacking of your user session because he has your credentials. Well, this attack can also be prevented by most browsers but some scripts are coded in such a way that they can even fool web browsers.
3. CSRF (Multisite Request Forgery):
Let me show you direct examples. You are visiting a shopping website and have purchased something. And, the malicious code is already on your system (probably imported using the above two methods). So this malicious code will run a process in the background that will get the specific URL from the browser through which the product was purchased. It will manipulate the URL to do something malicious and ask the site to run it. And, the site will run it because the site knows it’s the logged in user asking to process the URL. However, it’s actually the code running in the background that requires that.
Let common sense prevail
So, after reading the attacks above, who do you see as the culprit? The attacker? Javascript? Web browser? In fact, it’s YOU. You are the one who clicked that download button, you are the one who was attracted by an email sent by a cute girl (with malicious code) even though it was in the SPAM folder.
Well, everyone makes mistakes and who here can’t be fooled? So to avoid being fooled by such attacks, you can do one thing. Disable Javascript. In fact, any attacker cannot attack your computer system (using a web browser) without Javascript. Enable Javascript only for sources and websites you trust.
There are many extensions and plugins that you can use to disable Javascript on your website. Also, browsers like chrome give you inbuilt options to disable Javascript for a particular website.
You can use the ScriptSafe for Chrome and NoScript for Firefox extensions. Alternatively, Adblock plus can act as a backup for these plugins. As it will protect you from malicious ad clicks.
Do you like Microsoft’s Edge browser? Here’s how you can make it ad-free.
Use Password Manager
We’ve shared enough on this topic here on GT. Here are some quick links to get you started if you don’t use a Password Manager.
- What is a password manager? – Wikipedia (If you don’t trust us, you certainly will.)
- Why Use Password Manager? – We have shared some great LastPass (Password Manager) features that will give you a clear idea.
- Which Password Manager should you use? – We have made many comparisons between different password managers. Like LastPass versus 1Password, 1Password versus Dashlane, and KeePass versus LastPass.
Just start using Password Manager if you haven’t already. It will make your browsing much safer.
Anti-Malware + Anti-Virus
First of all, if you don’t know the difference between Virus and Malware then read this explanation. Or else, here’s a quick overview:
Computer virus: The name itself explains it. It infects others. An infected file (the virus itself) will spread to other files, and those files will affect other files. Therefore, the distribution of malicious code
Malware: This is a software program that performs actions on your behalf without your knowledge. In addition, Malware can be classified into Spyware and Adware. Both fall under the category of Malware.
So why use Anti-Malware with Antivirus?
This is one of the best things I learned to keep my PC safe. This will definitely keep your PC away from Viruses and Malware. All you have to do is just use your favorite Anti-Virus (I rely on Windows Defender. And, I’ve never regretted it). With that, use Anti-Malware (I use MalwareBytes).
Oh no!
This will add double security to your PC. If Windows Defender (or your Antivirus software) misses a virus or malware, Anti-Malware will definitely catch it. So if anything malicious is downloaded from your Web browser it will definitely be terminated by these two. I have explained it in depth on my blog.
How to know if a website is NOT secure?
There are very few websites that can help you find a site that is trustworthy or not. You can use scnaurl.net or Norton Secure Web. You can add a website URL or a specific URL like a download link. In addition, Google scans each URL displayed in the search results. You can use their technology to check if the site is safe or dangerous. Visit their Transparency Report Diagnostics Page.
Your biggest enemy is yourself
I mentioned this earlier that you are the culprit. You are letting an attacker hack your browser/system. Malicious code won’t even enter your system if you don’t respond to malicious websites. All you have to do is just make sure that what you are doing is recommended by a reliable source or website. And, of course, you can certainly trust us.
ALSO SEE: How to keep your Android as secure as possible
Categories: How to
Source: thpttranhungdao.edu.vn/en/
