Safe Browsing
Your web browser is the most frequently used application on your computer, and therefore the most targeted. It is the gateway between you and the internet, and every website you visit, every extension you install, and every link you click represents a potential attack vector. Safe browsing is not about paranoia; it is about developing informed habits that dramatically reduce your exposure to threats.
Understanding HTTPS (and Its Limitations)
What HTTPS Does
When you see the padlock icon (🔒) and https:// in your browser’s address bar, it means the connection between your browser and the website is encrypted using TLS (Transport Layer Security).
HTTPS provides three guarantees:
- Encryption: Data in transit is encrypted, so your ISP, Wi-Fi operator, or an attacker on the same network cannot read the content.
- Integrity: Data cannot be tampered with in transit without detection.
- Authentication: The website’s identity is verified by a Certificate Authority (CA) that issued the site’s TLS certificate.
What HTTPS Does NOT Do
Think of it this way: HTTPS is like a sealed envelope. It guarantees that nobody can read the letter while it is being delivered. But it says nothing about the intentions of the person who wrote the letter.
Certificate Transparency
Modern browsers use Certificate Transparency (CT) logs, which are public, append-only records of all TLS certificates issued. This helps detect rogue or misissued certificates. If a Certificate Authority is compromised and issues a fake certificate for google.com, CT logs make it publicly visible and detectable.
DNS Security
DNS (Domain Name System) is the phone book of the internet; it translates human-readable domains (google.com) to IP addresses (142.250.80.46). DNS is critical to your browsing experience, and it is often the weakest link.
DNS Attacks
- DNS Spoofing/Poisoning: An attacker injects false DNS records into a resolver’s cache, redirecting users to malicious sites even when they type the correct URL.
- DNS Hijacking: An attacker gains control of the DNS server itself (or your router’s DNS settings), redirecting all traffic through their infrastructure.
Protective DNS Solutions
- DNS-over-HTTPS (DoH): Encrypts DNS queries inside HTTPS, preventing ISPs and network operators from seeing or tampering with your DNS requests. Supported by Firefox, Chrome, Edge, and Brave.
- DNS-over-TLS (DoT): Similar to DoH but uses a dedicated TLS connection on port 853.
- Recommended DNS providers: Cloudflare (1.1.1.1), Google Public DNS (8.8.8.8), Quad9 (9.9.9.9, which also blocks known malicious domains).
Spotting Malicious Links
Before clicking any link, train yourself to analyze it:
The Hover Test
Always hover your mouse over a link (without clicking) to preview the actual destination URL in the bottom-left corner of your browser.
Common Deception Techniques
| Technique | Example | What to Look For |
|---|---|---|
| Typosquatting | paypa1.com (number 1 instead of letter l) | Character substitutions in domain names |
| Subdomain abuse | login.paypal.com.evil-site.com | The actual domain is evil-site.com, not paypal.com |
| URL shorteners | bit.ly/3xK9mT | The real destination is hidden; use URL expander tools |
| Homograph attacks | аpple.com (Cyrillic “а” instead of Latin “a”) | Characters from different alphabets that look identical |
| Path manipulation | evil-site.com/paypal.com/login | The path looks like a legitimate domain, but the actual host is evil-site.com |
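
The checks in the table can be automated for links pulled from mail or chat logs. The following is an added example, not part of the original page: the brand watchlist, the shortener list and the naive two-label domain rule are assumptions, and the sample URLs are the constructed ones from the table.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumptions for this example: a tiny brand watchlist, one known shortener,
# and a naive "last two labels" rule for the registrable domain. Real tooling
# should use the Public Suffix List (e.g. co.uk breaks the two-label rule).
BRANDS = {"paypal.com", "apple.com"}
SHORTENERS = {"bit.ly"}
DIGIT_LOOKALIKES = str.maketrans("01", "ol")  # 0 -> o, 1 -> l


def analyze_link(url):
    """Return (real_domain, {technique: evidence}) for one URL."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").lower()
    domain = ".".join(host.split(".")[-2:])
    flags = {}

    if domain in SHORTENERS:
        flags["url-shortener"] = "destination hidden behind " + domain

    # Homograph: non-ASCII characters in the host, reported by Unicode name.
    foreign = [unicodedata.name(c, "UNKNOWN") for c in host if ord(c) > 127]
    if foreign:
        flags["homograph"] = ", ".join(foreign)

    if domain not in BRANDS:
        # Typosquatting: digits standing in for letters of a watched brand.
        if domain.translate(DIGIT_LOOKALIKES) in BRANDS:
            flags["typosquatting"] = domain
        # Subdomain abuse: a brand appears as leading labels of another domain.
        if any(f".{b}." in f".{host}" for b in BRANDS):
            flags["subdomain-abuse"] = "real domain is " + domain
        # Path manipulation: a brand appears only as a path segment.
        if any(seg.lower() in BRANDS for seg in parts.path.split("/")):
            flags["path-manipulation"] = "real domain is " + domain
    return domain, flags


# Constructed samples taken from the table above, plus one legitimate URL.
SAMPLES = [
    "https://paypa1.com/",
    "https://login.paypal.com.evil-site.com/",
    "bit.ly/3xK9mT",
    "https://\u0430pple.com/",  # first letter is Cyrillic U+0430
    "https://evil-site.com/paypal.com/login",
    "https://www.paypal.com/signin",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", analyze_link(sample))
```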
Verification Tools
- VirusTotal (virustotal.com): Scan URLs and files against 70+ antivirus engines.
- URLScan.io: Visualizes what a URL actually does when visited (redirects, scripts, requests).
- Google Safe Browsing (transparencyreport.google.com): Check if a URL is flagged as dangerous.
Browser Extensions: Power and Risk
Browser extensions have access to incredibly sensitive data; they can read every page you visit, modify page content, access your cookies, and even intercept form data (including passwords).
The Risk
In 2023, researchers discovered that multiple popular Chrome extensions with millions of users were secretly exfiltrating browsing history, search queries, and personal data to third-party servers.
Extension Safety Rules
- Minimize: Only install extensions you actively use. Uninstall everything else.
- Verify permissions: Be skeptical of extensions requesting “Read and change all your data on all websites.” This permission grants full access to every page.
- Official stores only: Only install from Chrome Web Store, Firefox Add-ons, or equivalent official stores.
- Check reputation: Look at download count, reviews, and developer history before installing.
- Review periodically: Audit your installed extensions quarterly and remove any you no longer use.
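
For the "Verify permissions" and "Review periodically" rules, an extension's manifest.json shows what it can reach before you rely on the install prompt. The following is an added example, not part of the original page: it flags the host patterns behind the "Read and change all your data on all websites" prompt plus a few sensitive API permissions, and both manifests and their names are constructed.

```python
import json

# Host patterns that produce the install prompt quoted above
# ("Read and change all your data on all websites").
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# API permissions matching the capabilities this section lists:
# cookie access, request interception, browsing history.
SENSITIVE_APIS = {"cookies", "webRequest", "history"}


def audit_manifest(manifest_text):
    """Return broad host grants and sensitive API permissions in a manifest."""
    manifest = json.loads(manifest_text)
    broad, apis = [], []
    # Manifest V2 mixes host patterns into "permissions"; V3 separates them.
    for field in ("permissions", "host_permissions", "optional_host_permissions"):
        for entry in manifest.get(field, []):
            if entry in BROAD_HOSTS:
                broad.append((field, entry))
            elif entry in SENSITIVE_APIS:
                apis.append(entry)
    # Content scripts injected into every page give the same reach.
    for index, script in enumerate(manifest.get("content_scripts", [])):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                broad.append((f"content_scripts[{index}].matches", pattern))
    return {"name": manifest.get("name"), "broad_hosts": broad,
            "sensitive_apis": sorted(apis)}


# Constructed manifests for illustration; neither is a real extension.
COUPON_HELPER = """{
  "manifest_version": 3, "name": "Constructed Coupon Helper",
  "permissions": ["storage", "cookies", "webRequest"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]
}"""
NOTES_CLIPPER = """{
  "manifest_version": 3, "name": "Constructed Notes Clipper",
  "permissions": ["activeTab", "storage"],
  "host_permissions": ["https://notes.example/*"]
}"""

if __name__ == "__main__":
    for text in (COUPON_HELPER, NOTES_CLIPPER):
        print(audit_manifest(text))
```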
Recommended Security Extensions
| Extension | Purpose |
|---|---|
| uBlock Origin | Ad and tracker blocker (also blocks malvertising) |
| HTTPS Everywhere | Forces HTTPS connections where available (built into most modern browsers now) |
| Privacy Badger | Blocks invisible trackers (developed by the EFF) |
| Bitwarden | Password manager browser integration |
Cookies and Tracking
What Cookies Are
Cookies are small data files stored by websites in your browser. They serve legitimate purposes (keeping you logged in, remembering preferences) but are also used extensively for tracking.
Types of Cookies
- First-party cookies: Set by the website you are visiting. Generally necessary and benign (session cookies, login tokens).
- Third-party cookies: Set by domains other than the one you are visiting (ad networks, analytics services). These enable cross-site tracking, following you across the internet to build advertising profiles.
Browser Fingerprinting
Even without cookies, websites can identify you through browser fingerprinting: collecting your screen resolution, installed fonts, browser plugins, timezone, language settings, and hardware specifications to create a unique “fingerprint.” The EFF’s Panopticlick research found that 84% of browser fingerprints are unique.
Major browsers (Safari, Firefox, Brave) now block third-party cookies by default. Chrome plans to phase them out by 2025. However, browser fingerprinting remains an active tracking technique that is harder to prevent.
Malvertising
Malvertising (malicious advertising) is the use of legitimate ad networks to deliver malware. Attackers buy ad space on reputable websites, and the ad itself contains malicious code that can infect your device, sometimes without you even clicking on it (known as a drive-by download).
Why Ad Blockers Are a Security Tool
Using a reputable ad blocker like uBlock Origin is not just about avoiding annoying ads:
- It blocks malvertising attacks at the network level
- It reduces your exposure to tracking scripts
- It prevents drive-by downloads from malicious ads
- It also significantly improves page load performance
Drive-By Downloads
A drive-by download occurs when visiting a webpage automatically triggers the download and execution of malicious code, without any user interaction. These attacks exploit vulnerabilities in browsers, browser plugins (like outdated Flash or Java), or the operating system itself. Defense: Keep your browser and OS updated, use an ad blocker, and disable unnecessary browser plugins.
Key Takeaways
- HTTPS ≠ safe: It only means the connection is encrypted. Phishing sites use HTTPS too.
- Switch your DNS: Use Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) for privacy and security.
- Hover before clicking: Always verify the actual destination URL.
- Minimize extensions: Every extension is a potential attack vector. Only keep what you actively use.
- Use an ad blocker: uBlock Origin blocks malvertising, tracking, and drive-by downloads.
- Be aware of tracking: Third-party cookies and browser fingerprinting follow you across the web.