Lesson 17-Web Components

1
Lesson 17-Web Components
2
Background

• The World Wide Web was invented in 1990 by Tim
  Berners-Lee to give physicists a convenient
  method of exchanging information.
• What began as a physics tool in the European
  Laboratory for Particle Physics (CERN) has grown
  into a complex system.

3
Background

• It is now a complex system used by millions for
  tasks ranging from e-commerce to e-mail,
  chatting, games, and even the original intended
  usefile and information sharing.

4
Background

• Before the World Wide Web, the following methods
  were used to perform these tasks
• File Transfer Protocol (FTP) to move files.
• Telnet to access other machines.

5
Background

• A common architecture was developed by
  Berners-Lee.
• First, a common addressing scheme built around a
  Uniform Resource Locator (URL).
• Then, linking documents with URLs through the
  Hypertext Markup Language (HTML).

6
Objectives

• Upon completion of this chapter, the students
  will be able to
• Describe the protocols such as SSL/TLS protocol
  suite, LDAP, and FTP used with Web components.
• Describe Web applications, such as Web Services
  and plug-ins, and explain their associated
  security issues.
• Describe and explain secure file transfer options.

7
Objectives

• Upon completion of this chapter, the students
  will be able to
• Explain how directory services can be used to aid
  in data retrieval.
• Describe how scripting and other Internet
  functions can cause security concerns.
• Describe how using cookies maintains parameters
  between Web pages.

8
Current Web Components and Concerns

• The World Wide Web is useful due to
• Browsers
• Web components

9
Current Web Components and Concerns

• There are three main security tasks
• Securing a server to deliver content to users
  over the Web.
• Securing the transfer of information between
  users and servers over the Web.
• Securing the user's computer from attack through
  a Web connection.

10
Protocols

• Encryption
• SSL and TLS
• The Web
• HTTP and HTTPS
• Web Services
• Directory Services (DAP and LDAP)
• File Transfer
• FTP and SFTP

11
Protocols

• Protocols are agreed-upon rules that allow
  vendors to produce hardware and software that
  interoperate with hardware and software developed
  by other vendors.
• The specific instantiation of protocols is done
  through hardware and software components.

12
Encryption (SSL and TLS)

• Secure Socket Layer
• SSL is almost ubiquitous in e-commerce.
• All browsers and Web servers support SSL.
• Virtually, all sensitive financial traffic uses
  SSL to protect information between Web servers
  and browsers.

13
Encryption (SSL and TLS)

• The Internet Engineering Task Force (IETF)
  embraced SSL in 1996 through a series of RFCs and
  named the group Transport Layer Security (TLS).
• SSL 3.0
• RFC 2246
• TLS Protocol Version 1.0
• RFC 2712
• Added Kerberos authentication
• RFCs 2817 and 2818
• Extended TLS to HTTP version 1.1 (HTTP/1.1)

14
Encryption (SSL and TLS)

• Although SSL has been through several versions,
  TLS begins with an equivalency to SSL 3.0.
• SSL and TLS are essentially the same protocol,
  but not interchangeable.

15
Encryption (SSL and TLS)

• SSL/TLS is a series of functions within the OSI
  model.
• They reside between the application layer and the
  TCP/IP implementation in the transport and
  network layers.

16
Encryption (SSL and TLS)

• TCP and SSL/TLS
• TCP sends an unauthenticated error-free stream of
  information between two computers.
• SSL/TLS adds message integrity and authentication
  functions to TCP through cryptographic methods.

17
Encryption (SSL and TLS)

• Session description
• When two programs initiate an SSL/TLS connection,
  they compare available protocols and agree on an
  appropriate common cryptographic protocol.
• SSL/TLS can use separate algorithms and methods
  for
• Encryption
• Authentication
• Data integrity
• Each of these is negotiated and determined before
  the session starts.

18
SSL/TSL Encryption Options

• This shows the types of cryptographic protocols
  available in Netscape Communicator.

Cryptographic protocol options in Netscape
Communicator
19
How SSL/TLS Works

• SSL/TLS uses cryptographic protocols. Effective
  use of these protocols requires that systems must
  agree upon a protocol. The SSL handshake process
  is used to accomplish this task.
• The client requests for a secure connection and
  the server responds.
• Both systems agree on a commonly held protocol
  (SSL v1, v2, v3, or TLS v1).
• Commonly available cryptographic algorithms
  include Diffie-Hellman and RSA.

20
How SSL/TLS Works

• The handshake begins with the exchange to agree
  on parameters.
• The systems exchange certificates and keys to
  enable authentication.
• Certificate exchange is done via X.509
  certificates.
• Public key cryptography is used to establish
  authentication.

21
How SSL/TLS Works

• The session continues
• Once authentication is established, the channel
  is secured with symmetric key cryptographic
  methods and hashes, typically RC4 or 3DES for
  symmetric key and MD5 or SHA-1 for hash
  functions.
• The authenticity of the server and possibly the
  client has been established.
• The channel is protected by encryption against
  eavesdropping.

22
How SSL/TLS Works

• Session certificates
• The use of certificates is a way to have a third
  party act as a notary in the electronic world.
• A certificate is merely a standard set of
  formatted data that represents the authenticity
  of the public key associated with the signer.
• A certificate can be trusted as a notary to a
  signature.
• Certificates provide a method of proving who
  someone is, provided you trust the issuer.

23
SSL/TSL Certificates
SSl and TLS options in Netscape Communicator
24
SSL/TSL Certificates
Certificate options in Microsoft Internet Explorer
25
SSL/TSL Certificates

• These are the certificate management options.

Certificate management options dialog in
Microsoft Internet Explorer
26
How SSL/TLS Works

• SSL/TLS is designed to provide protection from
  man-in-the-middle attacks.
• By authenticating the server end of the
  connection, SSL/TLS prevents the hijacking of a
  session.
• By encrypting all of the conversations between
  the client and the server, SSL/TLS prevents
  eavesdropping.

27
The Web (HTTP and HTTPS)

• The Hypertext Transfer Protocol (HTTP) is the
  protocol for the transfer of hypertext-linked
  data over the Internet.
• A URL such as http//www.example.com is decoded
  by the browser.
• The http// portion indicates that the desired
  method of data transfer is via the Hypertext
  Transfer Protocol.

28
The Web (HTTP and HTTPS)

• SSL/TLS hides cryptographic complexity from end
  users.
• This can be done by requesting a secure
  connection from a Web server, instead of a
  non-secure connection.
• With HTTP connections, use https// in place of
  http//.
• The entry of an SSL/TLS-based protocol will cause
  an aware browser to negotiate with the server to
  establish the required level of security.

29
How Do You Know You Are Secure?
HTTPS connection in Microsoft Internet Explorer
30
The Web (HTTP and HTTPS)

• Enabling cryptographic methods transparently
  helps end users to use these protocols easily.
• SSL/TLS is agnostic.
• Designed to run on top of TCP/IP, it can operate
  over lower-level protocols such as X.25.
• SSL/TLS requires a reliable lower-level protocol.
  
• It cannot properly function over a non-reliable
  protocol such as the IP User Datagram Protocol
  (UDP).

31
Web Services

• Web Services is an industry term with various
  marketing definitions.
• It depends upon who is trying to market what and
  to whom.
• Although the term has been misused often, its
  underlying core is an application program
  accessible using open protocols.

32
Web Services

• Web Services are defined through industry
  standardization.
• There are a series of specifications including
  XML Schema and Web Services Description Language
  (WSDL).
• A Web Service may be as simple as a procedure
  invoked on a remote computer via common data
  formats and protocols.

33
Web Services

• Web Services can be invoked with a Simple Object
  Access Protocol (SOAP) request over an HTTP
  connection.
• This uses open standards such as XML, HTTP and
  Universal Description, and Discovery and
  Integration (UDDI).
• A Web Service is an application accessed via a
  set of remote procedure calls implemented over
  HTTP.

34
Web Services

• The deployment of Web Services is in its infancy.
  
• The effectiveness of the security mechanisms
  being built into the standards is unknown.
• Several areas that Web Services are vulnerable
• HTTP/Web server vulnerabilities
• SOAP Structure vulnerabilities
• WSDL vulnerabilities
• Application layer vulnerabilities

35
Web Services

• Web Services communicate over HTTP through Web
  servers.
• Any vulnerability of the Web server can manifest
  itself as a vulnerability of the Web Service.

36
Web Services

• A risk is associated with the actual Web Service
  code itself.
• As Web Services are designed to increase
  distributed code and usage, control over users of
  Web Services lessens.
• It is not safe to assume every usage will be with
  properly conformed messages for a particular Web
  Service.
• The Web Services application programmer must
  develop secure code.

37
SOAP

• Simple Object Access Protocol (SOAP) is a method
  of invoking remote procedures over the Internet.

38
SOAP

• SOAP is a framework for generalized XML messaging
  between applications.

39
SOAP

• Soap is language-neutral and platform-independent.
  
• The SOAP framework does no routing or security
  since these are managed in the extensible nature
  of the basic framework.
• Layered extensions allow adding these services in
  a cohesive and controlled fashion.

40
XML

• Extensible Markup Language (XML) formats messages
  used by SOAP to access and return data from Web
  Services.

41
XML

• XML Schemas define communication interfaces and
  carry information between Web Services.
• They invoke elements that allow a standard method
  that is independent of any firm or platform.
• It is extensible.
• It is language-neutral.

42
Directory Services (DAP and LDAP)

• A directory is a data storage mechanism like a
  database.
• The directory is designed and optimized for
  reading data, yielding very fast search and
  retrieval operations.
• The types of information stored in a directory
  tend to be descriptive attribute data.
• A directory offers a static view of data that can
  be changed without a complex update transaction.
• The data is hierarchically described in a
  tree-like structure.
• A network interface for reading is typical.

43
Directory Services (DAP and LDAP)

• The X.500 standard was created as a standard for
  directory services. It enables interoperability.
• An X.500 directory is accessed through the
  Directory Access Protocol (DAP).
• It is difficult to implement completely on PCs
  and other constrained platforms.
• This led to the Lightweight Directory Access
  Protocol (LDAP), which contains the most commonly
  used functionality.
• LDAP can interface with X.500 services.
• LDAP can be used over TCP with fewer computing
  resources than full X.500 implementation.

44
SSL/TLS LDAP

• LDAP is the Internet standard for directory
  services.
• LDAP over TCP is a plaintext protocol.
• This means data is over the network, which makes
  it susceptible to eavesdropping.
• To avoid this, data must be encrypted.
• The application of SSL/TLS service protects
  directory transactions from eavesdroppers.

45
SSL/TLS LDAP

• SSL/TLS provides several functions to LDAP
  services.
• SSL/TLS establishes the identity of a data source
  through certificates.
• SSL/TLS provides integrity and confidentiality of
  the data presented from an LDAP source.
• LDAP and SSL/TLS are separate independent
  protocols.
• Interoperability requires correct setup.
• Establish an SSL/TLS connection.
• Open an LDAP connection over the protected
  channel.
• Both the client and the server should be enabled
  for SSL/TLS.

46
SSL/TLS LDAP

• An LDAP server set up to function over an SSL/TLS
  connection operates as it always has.
• The LDAP server responds to specific queries with
  the data returned from a node in the search.
• The SSL/TLS functionality operates to secure the
  channel of communication and is transparent to
  the data flow from the user's perspective.
• SSL/TLS prevents observation of the data request
  and response, ensuring confidentiality.

47
FTP

• FTP is an application-level protocol.
• It allows operation over a wide range of
  lower-level protocols.
• FTP is embedded in most operating systems. It
  provides a method of transferring files between
  systems.

48
FTP

• FTP implementations operate both ways sending
  and receiving. They enable remote file operations
  over a TCP/IP connection.
• FTP clients are used to initiate transactions.
• FTP servers respond to transaction requests.
• The request can be either to upload (send data
  from a client to a server) or download (send data
  from a server to a client).

49
FTP

• When a user enters ftp//url in a browser address
  field, it indicates that the user wishes to see
  the data associated with the URL via an FTP
  sessionthe browser handles the details.
• File transfers via FTP can be either in binary or
  text mode.
• In either case, transfers are plaintext across
  the network.

50
Blind FTP (Anonymous FTP)

• An account must be used to allow the operating
  system-level authorization function to work.
• With an FTP server, you may not able to control
  who gets the information.
• A standard account called anonymous exists.
• It allows unlimited public access to the files.
• It is used to have unlimited distribution.
• On a server, access permissions can be
  established to allow only downloading or only
  uploading or both.

51
Blind FTP (Anonymous FTP)

• An FTP can be used to allow access to upload
  files to a server.
• It is a security risk usually implemented on
  specialized servers isolated from other critical
  functions.
• FTP should not be permitted on workstations.
• They should be disabled on servers.

52
SFTP

• FTP operates in plaintext mode.
• An eavesdropper can observe the data being
  passed.
• If confidential transfer is required, Secure FTP
  (SFTP) should be used.
• SFTP utilizes both Secure Shell (SSH) protocol
  and FTP to accomplish this task.

53
SFTP

• SFTP is an application program that encodes both
  the commands and the data passed.

54
SFTP

• SFTP must be on both the client and the server.
• SFTP is not interoperable with standard FTP.
• The encrypted commands cannot be read by an FTP
  server program.
• To establish SFTP data transfers, the server must
  be enabled with the SFTP program.
• Clients access the server provided they have the
  correct credentials.

55
SFTP

• SFTP operates in a similar way as FTP
• An identification function uses a username.
• An authorization function uses a password.
• There is no anonymous SFTP account by definition.
  
• Access is established and controlled from the
  server using standard access control lists, IDs,
  and passwords.

c
56
Vulnerabilities

• Protocols such as SSL/TLS provide methods for end
  users to use cryptography without understanding
  the method.
• This yields complacencythe impression that once
  SSL/TLS is enabled, the user is safe, which is
  not necessarily the case.
• If a Trojan program records keystrokes and sends
  the information to an unauthorized user, SSL/TLS
  cannot prevent this security breach.
• If the user connects to an untrustworthy site, a
  secure connection does not prevent the other site
  from running a scam.
• Using SSL/TLS and other encryption methods does
  not guard against credit card information being
  lost by the receiving company.

57
Vulnerabilities

• What and where data is protected requires
  understanding of what these protocols can and
  cannot do.
• The SSL/TLS suite can protect data in transit,
  not in storage.
• It can authenticate users and servers.
• Certificate mechanisms are established and used
  by both parties.
• SSL/TLS provides a secure method of
  authentication, followed by confidentiality in
  data transfers and data integrity checking.
• All of this occurs during transit, the protection
  ends once the data is stored.

58
Vulnerabilities

• Vulnerabilities
• Buffer Overflows
• Java and JavaScript
• ActiveX
• CGI
• Server-Side Scripts
• Cookies
• Signed Applets
• Browser Plug-Ins

59
Code-Based Vulnerabilities

• Browsers perform many types of data transfer.
• Helper programs or plug-ins increase usability
  for some data transfers.
• Separate application programs may be called by a
  browser to handle the data being transferred.

60
Code-Based Vulnerabilities

• Applications or plug-ins may include malicious
  codes that perform actions not desired by users.

61
Buffer Overflows

• The most common exploit to hack into software is
  the buffer overflow.
• It is the result of poor programming practices.
• When any program places data into a buffer and
  does not validate the input for correct length,
  the potential for a buffer overflow exists.

62
Buffer Overflows

• The concept is simple.
• A hacker writes an executable that performs an
  action on the target machine and appends his code
  fragment to a legitimate response to a program on
  the target machine.
• When the target machine reads through the
  too-long response, a buffer overflow condition
  causes the original program to fail.
• The extra malicious code fragment is now in the
  machine's memory, awaiting execution.
• If the hacker executed it correctly, the program
  will skip into the hacker's code, running it
  before failing.

63
Buffer Overflows

• Buffer overflows are exploitable in a wide range
  of programs.
• Fifty percent of the security incidents are from
  buffer overflow exploits.
• Users have to keep their machines up-to-date with
  patches from manufacturers.

64
Java and JavaScript

• Java is based on the C language.
• It was designed to be platform-independent.
• It offers a low learning curve and a
  platform-independent way of implementing programs
  across an enterprise.

65
Java and JavaScript

• Java and JavaScript operate through an
  interpreter called a Java Virtual Machine (JVM)
  on each platform that interprets the Java code.

66
Java and JavaScript

• The JVM enables the program functionality for the
  specific platform.
• Reliance on an interpretive step leads to
  performance issues.
• Java is plagued by poor performance when compared
  to most other languages.
• Security was one of the advantages of Java.

67
Java and JavaScript

• Java was designed to be used in trusted
  environments.
• When it moved to the Internet for general use,
  safety became an advertised benefit.

68
Java and JavaScript

• Safety is not security and a Java program can
  still cause significant damage to a system.
• The ability to read data from a hard drive and
  display it on the screen is essential for many
  programs.
• When the program is downloaded and run from the
  Internet, without the knowledge of the user, data
  may be sent across the Internet to an
  unauthorized user. This enables the program to
  spy on the user.
• Writing data to the hard drive may cause
  deletions if the program does not write the data
  where the user expects it to.

69
Java and JavaScript

• JavaScript is a form of Java designed to be
  operated within a browser instance.
• JavaScript enables features such as validation of
  forms before they are submitted.
• JavaScript runs within the browser the code is
  executed by the browser itself.

70
Java and JavaScript

• JavaScript was designed not to access files or
  network resources directly, except through the
  browser functions.
• Enterprising programmers found many other uses
  for JavaScript, such as manipulating the browser
  history files, now prohibited by design.

71
Java and JavaScript Security

• Each browser manufacturer has implemented
  configuration settings differently.

The Certificate management options dialog box in
Netscape Communicator
72
Java and JavaScript

• Java Script has not proven to be as secure as
  desired.
• This traces back to a similar fault in the Java
  language.
• Security was added later without a comprehensive
  security model.
• Most browsers do not have a mechanism to halt a
  running script short of aborting the browser
  instance.
• This may not be possible if the browser has
  stopped responding to commands.

73
Java and JavaScript Security
Java configuration options in Microsoft Internet
Explorer
JavaScript
74
Java and JavaScript

• The number of ways JavaScript can interact with a
  system is high.
• With so many opportunities for malicious code,
  the best advice is not to run JavaScripts or Java
  applets unless the source is trusted.

75
ActiveX

• ActiveX is a collection of APIs, protocols, and
  programs developed by Microsoft to download and
  execute code over an Internet-based channel.
• The code is bundled together into an ActiveX
  control with an .ocx extension.
• These controls are referenced in HTML using the
  ltobjectgt tag.

76
ActiveX

• Microsoft developed Authenticode that uses
  digital signatures.
• At the right are examples of Authenticode options.

Some of the ActiveX control options in Microsoft
Internet Explorer
77
ActiveX

• Windows users may determine who produced a
  specific piece of code and whether or not the
  code has been altered.
• Safety and security are different things.
• Authenticode promotes neither in reality.
• Authenticode provides limited accountability at
  the time of download and guarantees that the code
  has not been changed since the time of signing.
• Authenticode does not identify whether a piece of
  code will damage a system, nor does it regulate
  how the code is used.

78
CGI

• The Common Gateway Interface (CGI) was a method
  of having a Web server execute a program outside
  the Web server process, but yet on the same
  server.
• It passes information via environment variables
  to an independent program.
• It executes the program.
• It returns the results to the Web server.

79
CGI

• CGI offers many advantages to Web-based programs.
  
• The programs can be written in a number of
  languages, although Perl is preferred.
• These scripted programs embrace the full
  functionality of a server, allowing access to
  databases, UNIX commands, and other programs.
• If properly coded, CGI offers no more and no less
  risk than any other solution.

80
Server-Side Scripts

• CGI has been replaced with newer server-side
  scripting technologies such as Java, Active
  Server Pages (ASP), and PHP.
• They are similar to CGI they allow programs to
  be run outside the Web server and return data to
  the Web server for end users via a Web page.
• Each of these technologies has advantages and
  disadvantages. All have stronger security models
  than CGI.

81
Cookies

• Cookies are blocks of ASCII text passed within an
  HTML stream to store data temporarily in a Web
  browser instance.

82
Cookies

• Cookies pass back and forth between the Web
  server and the browser and act as a mechanism to
  maintain state in a stateless world.
• State is a term that describes the dependence on
  previous actions.

83
Cookies

• An HTTP session served by a Web server is
  stateless.
• Each request is independent of all previous
  requests.
• The server has no memory of previous requests.
• Cookies were developed to bridge this gap.

84
Cookies

• Cookies are passed along with HTML data through a
  Set-Cookie message in the header portion of an
  HTML transaction, or via a script in the HTML
  body.

85
Cookies

• A cookie is a series of name-value pairs that is
  stored in the memory during a browser instance.
• The specification for cookies establishes several
  specific name-value pairs for defined purposes.
• Additional name-value pairs may be defined at
  will by a developer.

86
Cookies Name-Value Pairs

• Set of name-value pairs includes
• Expires specifies when the cookie expires.
• If no value exists, the cookie is only good
  during the current browser session and will not
  remain on the hard drive.
• If a value is given, the cookie will be written
  to the user's machine and remain until it
  expires.
• Domain specifies the domain where the cookie is
  used.
• Cookies are memory-resident objects.
• Since the user or data can cause a browser to
  move between domains (for example, from
  comedy.net to jokes.org) some mechanism needs to
  tell the browser which cookies belong to which
  domain.

87
Cookies Name-Value Pairs

• Set of name-value pairs includes (continued)
• Path resolves the applicability of the cookie
  into a specific path within a domain.
• If path /directory, the cookie will only be sent
  for requests within the /directory on the given
  domain allowing a level of granular control over
  the information being passed between the browser
  and the server and limiting unnecessary data
  exchanges.
• Secure The keyword secure in a cookie
  indicates that it is to be used only in an
  SSL/TLS session.
• This does not indicate any other form of
  security.
• Cookies are stored in plaintext on the client
  machine.

88
Cookies

• Cookie management is an invisible process.
• Internet Explorer and Netscape Communicator have
  methods for users to examine and manipulate
  cookies on the client side.

89
Cookies

• Netscape Communicator stores the cookies in a
  long text file.
• Note the file location in the browser address
  line.

90
Cookies

• Cookie Management in Microsoft Explorer.
• Note the separate files.

Netscape Communicator cookie file
91
Cookies

• If users disable cookies in a browser, this
  information will not be available for the Web
  server to use.

Cookie management in Microsoft Internet Explorer
92
Disabling Cookies

• IETF RFC 2109 describes the HTTP state-management
  system (cookies) and the several cookie functions
  to be enabled in browsers, specifically
• The ability to turn cookie usage on and off.
• An indicator as to whether cookies are in use.
• A means of specifying cookie domain values and
  lifetimes.

93
Cookie Management

• This is the Netscape browser tool to manage
  cookies.

Netscape Communicator cookie Management via
browser
94
Disabling Cookies

• To surf cookie-free requires more than a simple
  step.
• Instructing a browser to stop accepting cookies
  is a setup option available through an options
  menu.
• It has no effect on cookies already received and
  stored on the system.
• To prevent the browser from responding to cookies
  already received, the user must delete the
  cookies from the system.

95
Deleting Cookies

• This is the tool to delete cookies in Internet
  Explorer.

The Microsoft Internet Explorer delete cookies
option
96
Signed Applets

• Code signing brings the security of
  shrink-wrapped software to software downloaded
  from the Internet.

97
Signed Applets

• Code signing adds a digital signature and
  certificate to a program file to demonstrate file
  integrity and authenticity.
• The certificate identifies the author.
• The digital signature contains a hash value that
  covers code, certificate, and signature to prove
  integrity.
• This establishes the integrity of the code and
  publisher via a standard browser certificate
  check.

98
Signed Applets

• Use of a certificate to sign an applet or a
  control allows the identity of the author to be
  established.
• The signing of code identifies the code's
  manufacturer and guarantees that the code has not
  been modified since it was signed.

99
Signed Applets

• A signed applet can be hijacked as easily as a
  graphic or any other file.
• An attacker can hijack a signed control by
  in-line access or copying the file in its
  entirety and republishing it.
• In-lining is using an embedded control from
  another site with or without the other site's
  permission.
• Republishing a signed control is done much like
  stealing a GIF or JPEG image.
• A copy of the file is maintained on the
  unauthorized site and served from there instead
  of from the original location.

100
Signed Applets

• The security concern of signed controls comes
  from how the control is used.
• A hacker may be able to use a control in an
  unintended fashion.
• Creating a file loss or buffer overflow.
• Conditions that weaken a system and may allow
  exploitation of other vulnerabilities.
• The control will still function as designed, but
  the issue becomes who it is used by and how.
• These are concerns not addressed simply by
  signing a control or an applet.

101
Browser Plug-Ins

• Plug-ins are small application programs that
  increase a browser's ability to handle new data
  types and add new functionality.

102
Browser Plug-Ins

• To date, plug-ins have had a good safety record.
• Although a plug-in changes a browser, and how it
  manipulates data, security holes have not been
  the norm in this area.

103
Browser Plug-Ins

• Not all plug-ins are safe.
• There are many plug-ins, most from small
  single-programmer shops, designed for specific
  purposes that may or may not be needed by most
  users.
• Your trust in plug-ins should be based on knowing
  whom you are trusting.