Re: Checking for old web browsers and media plugins

[Dean De Beer <deandebeer () GMAIL COM>]

Actually, I'm doing something similar right now. We have a series of scripts
that collect browser, OS and plugin info and write that data to a database.
The scripts are embedded on our NAC portal page which requires the student
to register/authenticate. This way we are able to map that information back
to a MAC address and student ID. When we see any driveby website traffic we
can determine if the user would have been infected or not based on their
current plugins/patches. Not ideal but it's better than trying to report on
every device as potentially infected. We are looking to add this to our
intranet page that opens up on all staff workstations as the browser
homepage.

/dean

On Wed, Feb 18, 2009 at 2:25 PM, Bob Bayn <bob.bayn () usu edu> wrote:

> We've seen some drive-by compromises here lately.  We run weekly Nessus
> scans every week against all of our active IPs but those scans don't
> discover things like old web browsers or missing updates on various media
> plugins.  We are wondering if it would be productive to put some detection
> and reporting of obsolete browser or media plugins into some of our commonly
> used local web pages (access to our CMS or ERP) so we can encourage some
> updating before the drive-by events happen.  Is anybody doing this or
> considering it?
>
>
> Bob Bayn     (435)797-2396     Security Team coordinator
> "IT will NEVER ask for your password via email, honest!"
> Office of Information Technology at Utah State University