Protecting Yourself from Browser Hacking

This week we have been investigating browser hacking, or the inadvertent disclosure of personal information that is saved and stored by your browser.  Today we will be showing several actions you can take to keep your information private.

The best way to protect yourself from a remote attacker is to prevent the remote access malware needed to access your computer from installing in the first place.  Using a good, up-to-date anti-malware package should detect, block, or remove all but the newest malware downloads and installations.  If you are using a premium product that requires annual subscription payments, please keep the subscription current.  Expired anti-malware products cannot protect you from newer exploits.  Free products, such as Windows Defender, are a good alternative as long as they are getting regular updates.

This, of course, will do nothing to deter someone with physical access to your computer.  In that case, using a locking password-protected screen saver on a short timer will help.  So would setting your computer to log out back to the login screen after 5-10 minutes of inactivity.  You do have a password for your computer, don’t you?

Next, keep your operating system and applications fully patched and updated.  Make sure Windows and Microsoft updates are installing automatically, and popular applications such as Adobe Reader and Flash, and Java are staying updated as well.  Since Flash and Java are used all over the web, keeping these updated is critical.  It is especially important that you upgrade to the most recent versions your web browsers, since they will be more secure against newer attacks and exploits.

Other browser specific actions you can take to protect yourself are:

  • Use incognito mode.  This prevents your browser from saving any data, but means you will not have any browsing history, customized web site, relevant suggestions, or saved logins.  But that is what we are talking about, so this is the best option.
  • Prevent saved logins.  If you want software to remember your passwords, use a password manager.
  • Set a master password.  Or if you prefer, set a master password to access your stored passwords, this way an attacker would need the master password to read the stored passwords.  SmartLock  is a good alternative for Chrome.
  • Use a password manager.  Using a good third-party password manager is a better option.  When coupled with two-factor authentication, a password manager such as LastPass is your best option for saving remembered passwords.
  • Two-factor-authentication.  Use 2FA for as many web accounts as you can, certainly for your email, banking and financial, social, and shopping accounts.  We use Google Authenticator.  If your password escapes into the wild, an attacker who still need your smartphone to log into 2FA protected accounts.
  • Disable cookies.  There will be some websites where you need cookies, but you can enable them on a site-by-site basis.  Disabling third party cookies prevents advertisers from tracking you and serving up “relevant” ads.
  • Disable autofill.  Sure, this means filling in forms manually.  You can set up autofill in a password manager if this is an important feature for you.  LastPass can do that for example, and at least your information is not in the browser, but safely encrypted inside the LastPass application.
  • Clear your browser cache.  This removes all web browsing traces that may have slipped by your other defenses.  You can set this up to clear automatically when you close the browser, or you can elect to do it manually once in a while.  We prefer automation to human memory.  CCleaner can be a good tool for this purpose.  The professional version allows for scheduled cleaning.

If you have followed our guidance, your browser should be more secure than it was at the start of the week.  Hopefully you found this series on browser hacking informative as well.  We love to hear from our readers, if you would like to send a comment we would be happy to post it on the site.

More information:


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.