Trust No One
The book is out on Web Insecurity
Posted by Tony Bradley
The Internet is like the Wild West. It used to be that you could protect yourself from the vast majority of malicious software and other Internet security threats by simply watching the sites you visited. Going to ‘freepiratedsoftware.com’ could very likely end up infecting or compromising your system while a site like Amazon.com, or CNN.com could be trusted.
That no longer seems to be the case.
Trusted, legitimate sites are being compromised more frequently resulting in users unwittingly downloading malicious software and infecting their computers.
One of the most recent cases was the site of a major British music producer being compromised for a few days before having the malicious software removed.
What does that mean to you? Well, mainly it means that you can trust no one absolutely. Certainly your odds of being compromised or infected while visiting a major, legitimate web site are significantly smaller than if you were to visit a site like ‘freepiratedsoftware.com’, but the burden of watching your back and protecting your data falls on… well, you.
Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.
Editor's Note: The fly is to the spider what credit and debit card data is to the hacker. Not coincidentally, they both use the web to capture their prey. I'm glad that word is finally starting to get out that the web cannot be trusted. Not even (sic) "trusted/legitimate" sites. Not even for a second.
What does this mean? It means that HomeATM's approach to an E-Commerce E-Cosystem was "spot on." Myriad attacks designed to steal your financial data have cropped up over the last 6 months and flaws in browsers cannot prevent these "types" of attacks from occurring. You can focus on "detection" but you cannot prevent it.
I was going to say that it will get worse before it gets better, but the fact is it won't get better...it'll just get worse.
And then, one day, everyone will see what I've been espousing for 17 months on this blog. The web is not safe and in order to conduct secure financial transactions, they MUST be done outside the browser space. Plain and simply put, a browser cannot be secured. Not with https, SSL or even EV SSL, which was exposed as "not being spoof proof" at the recent BlackHat conference a couple weeks back.
Has anyone else noticed that the focus has gone from "PREVENTION" to "DETECTION?" Want detection? I detect that "typing" is the "cause" and the "effect" is hacking. Eliminate TYPING and you'll eliminate the effect it has on financial fraud because pick and pecking your credit or debit card data into a box at a merchant checkout website is exactly the "type" of behavior hackers love.