- Adobe: The danger comes when you use outdated versions of Adobe programs or current versions with unpatched bugs that are exploited as security holes. One common manifestation comes when the user visits a Web site with a Flash-powered banner ad. No clicking required: as soon as the ad comes up, it delivers its payload.
- Firefox: Many Web-based attacks that target Firefox don't aim for the program executable itself. Rather, they seek to undermine add-ons - files which may not be binaries and so may not be assumed to be at risk - and the support structure for the program. Most of the danger comes from add-ons that pretend to be legitimate.
- QuickTime: Many PCs have QuickTime or iTunes installed, and most of us don't think of those things as potential security holes. However, various exploits have been documented in both the Mac and PC versions of QuickTime.
- DNS poisoning: DNS servers translate raw Internet addresses (such as 22.214.171.124) into human-friendly domain names (www.myfunsite.com). With a little work, the information provided by some DNS servers can be hijacked or misdirected - poisoned - allowing an attacker to send someone to any Web site they choose.
Everyday Threats from Everyday Applications
Great. Here are a few more things to worry about. A Computerworld article outlines several underrated computing threats that you should be guarding against during your computing day. Here's a quick summary of some of what the magazine has found.