O'Reilly logo

Malicious Mobile Code by Roger A. Grimes

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Other Browser Technologies

The popularity of the Internet browser has made it a catch-all for all sorts of programs and functionalities. It is this programmatically interwoven, complex piece of software that opens up new avenues of exploitation that hackers dream about. Here, other vulnerable browser technologies are discussed. Most have already been exploited. Specific examples are shared in Chapter 9.

Cascading Style Sheets

While simple tags can add modest changes in text appearance (e.g., bold, italic, flashing, etc.), Cascading style sheets add larger formatting attributes like fonts, colors, and spacing. A single style sheet can define enough attributes to make the web site look like a newspaper, which would otherwise require a lot of separate formatting tags. With style sheets, the format can be defined once and called on demand with a single tag. Style sheets usually have the file extension of .CSS. Style sheets have been available since Internet Explorer 3.0 with varying levels of compatibility. Style sheets are becoming more prevalent in web page design and are often used to hide malicious coding. Several exploits, normally detected by other means, have been able to hide in the style sheet section of a web page and escape detection.

Privacy Issues

A big question people always want to know the answer to is how much personal information can a web site learn about just from visiting their site? Web sites have four ways of collecting information:

  • General information from browser ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required