Web Browsers Under Siege From Organized Crime

An anonymous reader writes "IBM has released the findings of the 2007 X-Force Security report, a group cataloging online-based threat since 1997. Their newest information details a disturbing rise in the sophistication of attacks by online criminals. According to IBM, hackers are now stealing the identities and controlling the computers of consumers at 'a rate never before seen on the Internet'. 'The study finds that a complex and sophisticated criminal economy has developed to capitalize on Web vulnerabilities. Underground brokers are delivering tools to aid in obfuscation, or camouflaging attacks on browsers, so cybercriminals can avoid detection by security software. In 2006, only a small percentage of attackers employed camouflaging techniques, but this number soared to 80 percent during the first half of 2007.'"

Firefox? Opera? Safari?

[TFGeditor]

Okay, I admint I have not (yet) read the article, but experience tells me that 80% likely involves IE at 90 percent or better.

Re:Firefox? Opera? Safari?

[WilliamSChips]

I'm not fully sure but I know every browser has one vulnerability. It's between keyboard and chair.

That's not the worst of it.

[khasim]

It kind of reminds me of William Gibson's cyberspace: a free-for-all, hostile environment where it was pretty much up to individual users / corporations / governments / whatever to protect themselves through whatever means necessary.

The problem is that no matter how well YOU protect yourself, other agencies have your personal information in their databases.

What happens if your employer loses a laptop with your SSN, name, etc on it?

Eventually, the criminals are just going to start building a database with whatever information they can find.

Then they'll use that database to take out a second mortgage on your home, purchase a new car and open a few credit cards under your name.

You'll lose more money than you have. And you'll never have a chance to prevent it. Because all the information will be "leaked" from 3rd parties.

Re:That's not the worst of it.

Potentially the problems you state are only the scraps, unfortunately it is getting to where every filing cabinet and vault in the world has multitudes of vacuum pipelines hooked to it and organized crime is working hard on figuring out how to break down the filters and routing on these pipelines and channel the flow to themselves. Think in terms of the old vacuum pipes for paper and money transfers inside old department stores and then expand it world wide, now try to imagine keeping it secure, not just your part of it but everyone's part that you connect to and everyone's part that they connect to ad infitum, welcome to the internet.

Side warning to the F/OSS community: That multitude of eyes may become even more important as we start to wonder, is the Godfather contributing? It doesn't even have to be in terms of direct backdoors, only has to be an exploitable bug which of course don't make the contributor look as bad.

Side warning to the closed source corporations: See above, biggest difference is your paying them too. Think you can hire that many eyes?

Side warning to businesses and individuals: Read the above, look around you, let the paranoia begin.

The internet maybe a highly efficient way of doing business, but it can be an extremely efficient way to steal too. Weigh the KNOWN risk factors, is it really worth it?

Organized crime is only the tip of the iceberg.

We may have to become stainless steel rats just to be free.

Got plugins?

[jschottm]

The web is not just HTML at this point. Both QuickTime and RealPlayer have had notable exploits in the past few months. Acrobat and Flash have had major security holes as well. Just relying on the fact that you're using Firefox doesn't mean that you're not vulnerable.