Feeds

Browser makers throw up drive-by download barriers

Security wrappers

Internet Security Threat Report 2014

Opera has partnered with Haute Secure in a bid to defend surfers from drive-by download attacks.

Haute Secure's technology will be bundled in Opera 9.5, bolstering the Norwegian firm's existing Fraud Protection technology with software designed to block malware downloads from compromised websites. Opera 9.5, codenamed Kestrel, is due out this summer.

As well as blocking hacker-controlled websites the technology will protect Opera users from harm after clicking on links that lead to malicious script or malware. This type of protection has become more important as changes in hacking tactics have resulted in more frequent incidents of malware appearing on legitimate websites.

AVG acquired Exploit Prevention Labs last December to gets its hands on the latter's Linkscanner technology, which probes links for signs of suspicious content, such as pointers to encrypted JavaScript files, on analysed sites. Both Linkscanner and Haute Secure's technology look at individual pages or links rather than a site as a whole.

Both technologies are designed to guard against drive-by download attacks. Haute Secure's technology is based on a database of known bad sites whereas Linkscanner leans more on real-time analysis.

In related browser security news, Mozilla developers have begun work on a browser plug-in designed to protect against a common range of web application vulnerabilities that feature in drive-by download attacks and other hacking attacks. Site Security Policy (SSP) aims to pull the sting from cross site scripting and cross site request forgery attacks. A beta version of the add-on can be downloaded here.

The SSP plug-in is separate to the development of Firefox 3, which reached the second release candidate milestone last week. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.