02.24
Just wanted to quote the following paragraph from Mika Tolvanen's blog post in the F-Secure Weblog.
Today’s browser is more powerful than yesterday’s OS.
The browser is, for all practical purposes, a terminal of the bank, but it is running in a completely untrusted environment. Actually, you could say that the Browser is the new OS. Since important content is more and more in the cloud and accessed via the browser, malware, in theory, does not have to infect the OS at all. Malware only needs to infect the browser and it will be able to access, steal, and modify all the necessary content. Since most browsers have a cross-platform plugin architecture, it may even be possible to create data stealing malware that is not interested in the operating system or file system at all. It will only exist in memory of the browser.
This is totally my point of view related to browsers in terms of security, and that was what I tried to prove in my Firefox Malware PoC. Browsers really need to step up the game.