Web browsing and email
Our two favourite network applications are attractive targets for hackers and zombie scripts. Don’t let them in!
We’ve talked a lot about web browsers and privacy previously in the magazine, and lots of the points raised there are security concerns too. Third-party advertising networks are regularly compromised, so blocking cookies (or using Firefox’s container to isolate them) and JavaScript (for example, through No Script) isn’t just about avoiding obtrusive ads and unnecessary tracking.
There’s only so much your browser or OS can do if you click a malicious link. So do try to avoid those. Major browsers use regularly updated safe browsing lists and sandboxing to keep users safe. And thanks largely to Let’s Encrypt, most websites you visit use HTTPS (as indicated by the friendly green padlock in the URL bar) to ensure firstly that third parties can’t snoop on your browsing (and sniff credentials off the wire) and secondly that the site you’re browsing isn’t doing some sort of impostering. But hackers are ingenious and web browsers are popular targets. Rogue extensions might harvest form data, a site you’re using (or an ad network it uses) might be compromised to serve some ungodly JavaScript exploit (such as the Magecart payment skimmer) or point your DNS requests somewhere else.