Microsoft: Don’t blame us, blame the browser add-ons

From the “it’s not my fault, it’s your fault” files:

Worried that Internet Explorer is less secure than alternatives? Eric Lawrence, Security Program Manager on Microsoft’s Internet Explorer team, argued on a Black Hat webcast about Clickjacking that Microsoft is not to blame.

In fact, Lawrence essentially argued that browser add-ons are where many of the problems lie.

“One of the things we’ve seen in the last two years is that attackers aren’t even going after the browser itself anymore. The browser is becoming a harder target and there are many more browsers,” Lawrence said. “So attackers are targeting add-ons.”

He added that attackers are finding add-ons with high market share, looking for vulnerabilities in them, and then exploiting every browser through the add-on. So in Lawrence’s view, whether you’re running IE, Firefox, Safari or Chrome, you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on (sometimes also called plug-ins).
