The popularity of the Internet browser has made it a catch-all for all sorts of programs and functionalities. It is this programmatically interwoven, complex piece of software that opens up new avenues of exploitation that hackers dream about. Here, other vulnerable browser technologies are discussed. Most have already been exploited. Specific examples are shared in Chapter 9.
While simple tags can add modest changes in text appearance (e.g.,
bold, italic, flashing, etc.),
add larger formatting attributes like
fonts, colors, and spacing. A single style sheet can define enough attributes
to make the web site look like a newspaper, which would otherwise
require a lot of separate formatting tags. With style sheets, the
format can be defined once and called on demand with a single tag.
Style sheets usually have the file extension of
.CSS. Style sheets have been available since
Internet Explorer 3.0 with varying levels of compatibility. Style
sheets are becoming more prevalent in web page design and are often
used to hide malicious coding. Several exploits, normally detected by
other means, have been able to hide in the style sheet section of a
web page and escape detection.
A big question people always want to know the answer to is how much personal information can a web site learn about just from visiting their site? Web sites have four ways of collecting information:
General information from browser ...