New research from Stanford University has found that the private browsing modes on today's leading web browsers (Internet Explorer, Firefox, Chrome, and Safari) are not really as private as some might think. Sites are still able to trace when users access them privately, which could still open up users to certain attacks.
According to Terry Johnston, Media Relations for ENC Security Systems, examples of attacks that can be perpetrated through the web browser include:
- Keylogging to lift usernames and passwords
- Stealing browser cache data to obtain financial information
- Lifting browser data from an unsecured Wi-Fi network to get username/password information to social media
These attacks can be a serious concern for small to medium-sized businesses or mobile users even at large-scale enterprise.
In response to this concern, security vendor ENC Security Systems has added a Private Web Browser to its Encrypt Stick product. In a nutshell, Encrypt Stick's Private Web Browser is more secure because it stores all your browser history on an encrypted USB stick. The browser also lives on the USB stick, so there's nothing housed on your actual computer, and no residue left on the computer. (This also serves the benefit of making even your private browsing history available to you, but only you.)
In addition to the Private Web Browser, Encrypt Stick offers two other services:
- Password Manager - the Password Manager also lives on the encrypted USB stick, and stores all of your passwords so you don't have to log in every time, which in addition to convenience prevents (1) keylogging software from stealing your passwords and (2) use of low-tech password recording techniques such as sticky notes or an Excel file. The Password Manager also has a virtual keyboard so when you do need to type in a password, you can do it in such a way that a hacker can't track the keystrokes.
- Encryption - Encrypt Stick offers encryption for your USB stick to make sure the whole process is secure. I pulled this statement from the company's website about the encryption it uses: "ENC Security's 512-bit polymorphic encryption creates an encryption algorithm that is unique to your specific flash drive, thus making it even more difficult to reverse engineer. Polymorphic encryption is fast, and can operate up to 10 times faster than standard 256-bit AES."
Note that some of the benefits of Encrypt Stick (such as reducing poor password policies and encrypting data) can also be found in today's leading biometric solutions, which I have written about several times in the past few months. (Read more: "Top 5 Misconceptions about Biometric Security," "Biometric Security Done Right," and "3 Biometric Security Devices: Are They Worth It?")
Do you have concerns about web browsing security, and what methods is your organization using to prevent data loss? Let me know in the comments or on Twitter.