Security Survey of Internet Browsers Data Managers

Authors

  • Catalin Boja Bucharest Academy of Economic Studies, Romania

Keywords:

data, password, security, browser, forensic, sensitive

Abstract

The paper analyses current versions of top three used Internet browsers and compare their security levels to a research done in 2006. The security is measured by analyzing how user data is stored. Data recorded during different browsing sessions and by different password management functions it is considered sensitive data. The paper describes how the browser protects the sensitive data and how an attacker or a forensic analyst can access it.

Author Biography

Catalin Boja, Bucharest Academy of Economic Studies, Romania

Department of Economic Informatics and Cybernetics

References

NetMarketShare – Browser Market Share, last access on August 2010, http://marketshare.hitslink.com/report.aspx?qprid=0#

Mikhael Felker – Password Management Concerns with IE and Firefox, last access July 2010, http://www.symantec.com/connect/articles/password-management-concerns-ie-and-firefox-part-one

SQLite, http://www.sqlite.org/index.html

Infond blog – Firefox passwords management leaks, last access July 2010, http://infond.blogspot.com/2010/04/firefox-passwords-management-leaks.html

Isamil Guneydas - How FF store your passwords? Is it secure?, last access July 2010, http://realinfosec.com/?p=111

FireMaster – The Firefox Master Password Recovery Tool, last access July 2010, http://www.securityxploded.com/firemaster.php

FirePassword – Firefox Console based Sign-on Password Recovery Tool, last access July 2010, http://www.securityxploded.com/firepassword.php

SapporoWorks – The certification password of Internet Explorer 7 and operation of auto complete, last access July 2010, http://www.securityfocus.com/archive/1/458115/30/0/threaded

SecurityExploded – Exposing the Secrets of Internet Explorer, last access July 2010, http://www.securityxploded.com/iepasswordsecrets.php

SecurityExploded – IEPasswordDecryptor, last access July 2010, http://www.securityxploded.com/iepassworddecryptor.php

NSS Labs – Web browser security test results summary: Q1 2010, www.nsslabs.com/browser-security

Apple - About the security content of Safari 5.0.1 and Safari 4.1.1, CVE-ID: CVE-2010-1796, http://support.apple.com/kb/HT4276

Jeremiah Grossman - Stealing AutoComplete form data in Internet Explorer 6 & 7, http://jeremiahgrossman.blogspot.com/2010/07/stealing-autocomplete-form-data-in.html

Jeremiah Grossman - I know who your name, where you work, and live (Safari v4 & v5), http://jeremiahgrossman.blogspot.com/2010/07/i-know-who-your-name-where-you-work-and.html

Jeremiah Grossman - Password Managers, is this the best option user’s have?, http://jeremiahgrossman.blogspot.com/2010/03/password-managers-is-this-best-option.html

Sonia Chiasson, P.C. van Oorschot - A Usability Study and Critique of Two Password Managers, http://www.ccsl.carleton.ca/paper-archive/chiasson-usenix-06.pdf

Joanna Rutkowska – The three approaches to computer security, last visited on July 2010, http://theinvisiblethings.blogspot.com/2008/09/three-approaches-to-computer-security.html

Passcape – Recovering Internet Explorer 7-8 Passwords, last visited on August 2010, Passcape - Password Recovery Software Documentation, http://www.passcape.com/recovering_ie_passwords

Passcape – Recovering Internet Explorer Passwords: Theory and Practice, last visited on August 2010, http://www.passcape.com/internet_explorer_passwords#s4

Jesse Ruderman – Bookmarklets, last visited on August 2010, https://www.squarefree.com/bookmarklets/

NetMarketShare – Browser Version Market Share, last access on August 2010, http://marketshare.hitslink.com/browser-market-share.aspx?qprid=2

NAI Labs, Network Associate – Windows Data Protection, last accessed on August 2010, http://msdn.microsoft.com/en-us/library/ms995355.aspx

**** - How Google Chrome Stores Passwords http://www.switchonthecode.com/tutorials/how-google-chrome-stores-passwords

ISO/IEC 9126 International Standard - Information Technology – Software product evaluation - Quality characteristics and guidelines for their use, 1991, Geneve, Switzerland.

Wikipedia – PKCS - Public key cryptographic standards, last access on August 2010, http://en.wikipedia.org/wiki/Public-Key_Cryptography_Standards

Mozilla – NSS API Guidelines, last access on August 2010, http://www.mozilla.org/projects/security/pki/nss/nss-guidelines.html

Mozilla – Configuring Firefox for FIPS 140-2, last access on August 2010, http://support.mozilla.com/en-US/kb/Configuring+Firefox+for+FIPS+140-2

MozillaZine – Master password, last access on August 2010, http://kb.mozillazine.org/Master_password

MSDNS Library – CryptProtectData Function, last access on August 2010, http://msdn.microsoft.com/en-us/library/aa380261.aspx

FZ Blog – Obtenir les credentials de Firefox 3, last access July 2010, http://fz-corp.net/?p=199

JMEDS, Vol. 3, No. 3, September 30, 2011

Downloads

Published

2011-09-30

How to Cite

Boja, C. (2011). Security Survey of Internet Browsers Data Managers. Journal of Mobile, Embedded and Distributed Systems, 3(3), 109-119. Retrieved from http://jmeds.eu/index.php/jmeds/article/view/Security-Survey-of-Internet-Browsers-Data-Managers

Issue

Vol. 3 No. 3 (2011): Security Technologies for ICT

Section

Articles

License

Authors who publish with this journal agree to the following terms:


    1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

    1. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.

    1. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).

    1. The author(s) is responsible for the correctness and legality of the paper content.

    1. Papers that are copyrighted or published will not be taken into consideration for publication in JMEDS It is the author(s) responsibility to ensure that the paper does not cause any copyright infringements and other problems.

    1. It is the responsibility of the author(s) to obtain all necessary copyright release permissions for the use of any copyrighted materials in the paper prior to the submission.

  1. The Author(s) retains the right to reuse any portion of the paper, in future works, including books, lectures and presentations in all media, with the condition that the publication by JMEDS is properly credited and referenced.
Creative Commons License
JMEDS articles by Journal of Mobile, Embedded and Distributed Systems (JMEDS) is licensed under a Creative Commons Attribution 4.0 International License.
Based on a work at http://jmeds.eu.
Permissions beyond the scope of this license may be available at http://jmeds.eu/index.php/jmeds/about/submissions#copyrightNotice.