SSL browser privacy mode security risk

Browser privacy modes don’t actually protect your privacy. The custom handler protocol in Mozilla Firefox creates URLs that remain even in privacy mode. Most users will know that Firefox, Internet Explorer and Safari support SSL certificates. Websites can create SSL client public and private key pairs (using JavaScript), and these can remain after the privacy session ends.

The real problem occurs when a website uses a self-signed certificate. Internet Explorer and Safari browsers will store the certificates in the Microsoft certificate vault. In this event, the browser session can be viewed regardless of whether the privacy mode is being used.
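One way to check this on your own machine, for browsers that use the Windows certificate store, is to snapshot the current user's stores before a private session and list what is new afterwards. This is an added example, not part of the original post; the function names and the snapshot file path are hypothetical.

```powershell
# Added example: compare the current user's certificate stores before and
# after a private-browsing session. Function names and the default
# snapshot path are hypothetical, chosen for this illustration.

function Get-CertSnapshot {
    # Walk every store under Cert:\CurrentUser and keep only certificate
    # objects (the recursion also returns the store containers themselves).
    Get-ChildItem -Path Cert:\CurrentUser -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        Select-Object @{ n = 'Store'; e = { ($_.PSParentPath -split '\\')[-1] } },
                      Thumbprint,
                      Subject,
                      @{ n = 'SelfSigned'; e = { $_.Subject -eq $_.Issuer } },
                      HasPrivateKey,
                      NotBefore
}

function Save-CertSnapshot {
    param([string]$Path = "$env:TEMP\cert-before.csv")
    # Persist the "before" state so it survives closing the shell.
    Get-CertSnapshot | Export-Csv -Path $Path -NoTypeInformation
}

function Compare-CertSnapshot {
    param([string]$Path = "$env:TEMP\cert-before.csv")
    # Index the saved snapshot by store name plus thumbprint.
    $before = @{}
    foreach ($row in Import-Csv -Path $Path) {
        $before["$($row.Store)|$($row.Thumbprint)"] = $true
    }
    # Anything not in the index was added after the snapshot was taken.
    Get-CertSnapshot |
        Where-Object { -not $before.ContainsKey("$($_.Store)|$($_.Thumbprint)") }
}

# 1. Before opening the private window:
#      Save-CertSnapshot
# 2. Browse in privacy mode, close the window, then:
#      Compare-CertSnapshot | Format-Table -AutoSize
```

Rows with `HasPrivateKey` set to True are client key pairs, and rows with `SelfSigned` set to True are self-signed certificates that were stored during the session.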

Internet Explorer has recently received some negative press regarding the way SMB requests to a remote server are initiated in privacy mode. However, closer examination of this ‘potential’ flaw reveals it actually isn’t a problem because port 445 is usually blocked by most ISPs.

Final thoughts: when using a browser, you should also be aware of the security threat posed by ‘browser add-ons’, especially in privacy mode. Some (not all) of these browser add-ons retain your private mode session data. My suggestion is to use a sandbox or virtual browser instead!

Windows 7 TIP: You can use Credential Manager to manage and store credentials, such as user names and passwords that you use to log on to websites or other computers on a network.

Safe surfing folks!

