
Web Security

Browsers like Internet Explorer, Firefox, and Safari are installed on most computers and used frequently, making it important to configure them securely. However, browsers often are not set up securely by default. Not securing your browser can lead to problems like spyware installation or intruders accessing your computer. It is important for computer users to evaluate the security risks of the software on their computers.

Uploaded by

Aniket Shetye
Copyright
© Attribution Non-Commercial (BY-NC)

Browser Security

Today, web browsers such as Internet Explorer, Mozilla Firefox, and Apple Safari (to name a few) are installed on almost all computers. Because web browsers are used so frequently, it is vital to configure them securely. Often, the web browser that comes with an operating system is not set up in a secure default configuration. Not securing your web browser can lead quickly to a variety of computer problems caused by anything from spyware being installed without your knowledge to intruders taking control of your computer.

Ideally, computer users should evaluate the risks from the software they use. Many computers are sold with software already loaded. Whether installed by a computer manufacturer, operating system maker, Internet Service Provider, or by a retail store, the first step in assessing the vulnerability of your computer is to find out what software is installed and how one program will interact with another. Unfortunately, it is not practical for most people to perform this level of analysis.

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document which uses a digital signature to bind a public key to identity information such as the name of a person or an organization, their address, and so forth. The certificate can be used to verify that a public key belongs to an individual.
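The binding described above can be shown with a toy certificate. This is an added example, not part of the original document: the JSON certificate layout, the function names and the sample identities are assumptions, and validity dates and revocation, which real PKI certificates carry, are left out.

```javascript
const crypto = require("node:crypto");

// Bytes the CA signs: identity and public key together, so neither can be swapped.
function toBeSigned(cert) {
  return Buffer.from(JSON.stringify([cert.subject, cert.publicKeyPem]));
}

// Toy certificate: the CA binds a subject name to a public key by signing both.
function issueCertificate(caPrivateKey, subject, subjectPublicKey) {
  const publicKeyPem = subjectPublicKey.export({ type: "spki", format: "pem" });
  const cert = { subject, publicKeyPem };
  cert.signature = crypto.sign(null, toBeSigned(cert), caPrivateKey).toString("base64");
  return cert;
}

function signMessage(privateKey, message) {
  return crypto.sign(null, Buffer.from(message), privateKey).toString("base64");
}

// Recipient: check the CA's signature on the certificate first, then the
// sender's signature on the message with the key taken from the certificate.
function verifySignedMessage(caPublicKey, cert, message, signatureB64) {
  const certSig = Buffer.from(cert.signature, "base64");
  if (!crypto.verify(null, toBeSigned(cert), caPublicKey, certSig)) {
    return { ok: false, reason: "certificate not signed by trusted CA" };
  }
  const senderKey = crypto.createPublicKey(cert.publicKeyPem);
  const msgSig = Buffer.from(signatureB64, "base64");
  if (!crypto.verify(null, Buffer.from(message), senderKey, msgSig)) {
    return { ok: false, reason: "message altered or signed with another key" };
  }
  return { ok: true, signer: cert.subject };
}

// Constructed scenario: one genuine message, one altered in transit, and one
// certificate whose public key was replaced after the CA signed it.
function demo() {
  const ca = crypto.generateKeyPairSync("ed25519");
  const alice = crypto.generateKeyPairSync("ed25519");
  const other = crypto.generateKeyPairSync("ed25519");
  const cert = issueCertificate(ca.privateKey, "Alice Example", alice.publicKey);
  const msg = "pay 10 to Bob";
  const swapped = { ...cert, publicKeyPem: other.publicKey.export({ type: "spki", format: "pem" }) };
  return {
    genuine: verifySignedMessage(ca.publicKey, cert, msg, signMessage(alice.privateKey, msg)),
    altered: verifySignedMessage(ca.publicKey, cert, "pay 1000 to Bob", signMessage(alice.privateKey, msg)),
    swappedKey: verifySignedMessage(ca.publicKey, swapped, msg, signMessage(other.privateKey, msg)),
  };
}
```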

Web Security threats

It is not so hard to fall victim to a user account or system compromise introduced through the web. But what are the various issues involved?

Phishing

One of the less advanced, but nonetheless effective, threats is phishing. The term refers to attacks where the victim is led to believe that he or she is on a legitimate website, when in fact it is just a copy of the real one. This attack relies on the fact that anyone can create their own website and any website can look like any other. A real-world example would be a fake ATM that is put in the middle of a busy shopping center. There would be very few signs to show victims that it is not a real ATM until no money comes out. Similarly, in a phishing attack victims may think that they are on their bank's website, and therefore do not think twice about using PIN numbers as requested. This attack is not limited to banking systems. Phishing attacks have been known to target company email websites (Webmail), public email websites (like Gmail) and popular sites like Amazon or eBay.

Web browser exploits

Cybercriminals have also set up websites that exploit security holes in the web browser. This technique allows them to gain access without the victim's knowledge. Web browsers are complex software.

Third party add-ons

The majority of websites require the use of third party add-ons such as Adobe Flash player and Acrobat Reader. Both of these widely used products have become a favorite target for cybercriminals. As more administrators and home users update their machines with the latest security updates and patches for their browsers, as well as the ability to automate the process.

Downloads

While automating remote code execution is very attractive for attackers, there are many times when this level of sophistication is not required to compromise end-users' computers. In fact, some attacks still rely on end-users downloading executable files.

Identification

Users can identify a phishing website in a number of ways. The first is to look at the URL. Another effective prevention technique is to never follow links by email but to type them in or use bookmarks. Although not foolproof, these methods make it harder for attackers to pull off the scam.
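"Looking at the URL" can be made concrete as a check on which part of a link actually names the site. This is an added example, not part of the original document: the function name, the warning texts and the sample links (all on reserved .example and .test names) are constructed for illustration.

```javascript
// Returns warnings for a link that claims to belong to expectedDomain.
// An empty list means the host is expectedDomain or one of its subdomains.
function checkLink(link, expectedDomain) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return ["not a parseable absolute URL"];
  }
  const warnings = [];
  const host = url.hostname.toLowerCase();
  const expected = expectedDomain.toLowerCase();

  if (url.protocol !== "https:") warnings.push("not HTTPS");
  // Anything before '@' is login data, not the site name.
  if (url.username || url.password) warnings.push("userinfo before '@'");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    warnings.push("raw IP address instead of a name");
  }
  // The URL parser converts non-ASCII host labels to punycode ("xn--...").
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    warnings.push("punycode label, possible look-alike characters");
  }
  // The site is named by the END of the host, read right to left.
  if (host !== expected && !host.endsWith("." + expected)) {
    warnings.push(
      host.includes(expected)
        ? "expected name is only a prefix of another domain"
        : "host does not match expected domain"
    );
  }
  return warnings;
}

// Constructed sample links, checked against the site the user meant to visit.
const SAMPLE_LINKS = [
  "https://www.mybank.example/login",
  "http://mybank.example.secure-login.test/",
  "https://mybank.example@203.0.113.7/login",
  "https://myb\u0430nk.example/", // Cyrillic "а" in place of Latin "a"
];

function checkSamples() {
  return SAMPLE_LINKS.map((link) => checkLink(link, "mybank.example"));
}
```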

Hacking means finding out weaknesses in an established system and exploiting them. A computer hacker is a person who finds out weaknesses in the computer and exploits them. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.

Types:

White hat

A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement. Often, this type of 'white hat' hacker is called an ethical hacker.

Black hat

A Black Hat Hacker is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain". Black Hat Hackers are "the epitome of all that the public fears in a computer criminal". Black Hat Hackers break into secure networks to destroy data or make the network unusable for those who are authorized to use the network.

Grey hat

A grey hat hacker is a combination of a Black Hat and a White Hat Hacker. A Grey Hat Hacker may surf the internet and hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked, for example. Then they may offer to repair their system for a small fee.

Effects of Hacking:

The federal punishment for hacking into computers ranges from a fine or imprisonment for no more than one year to a fine and imprisonment for no more than twenty years. This wide range of punishment depends upon the seriousness of the criminal activity and what damage the hacker has done.

Examples of Hacking:

Examples include Nmap, Nessus, John the Ripper, SuperScan, p0f, and Winzapper. Bribes have also been designated as among the most potent hacking tools, due to their potential exploitation in social engineering attacks. Occasionally, common software such as ActiveX is exploited as a hacking tool as well.
