Friday, October 9, 2009

The online threat level keeps rising

If ever there was a time for individual net-users, system administrators and those who set IT policies within larger entities to be vigilant and pro-active, now is it.

This week alone has seen a wave of vulnerabilities, alerts and news reports that show just what a hostile place the online world has become.

As well as the surprisingly little-publicised browser vulnerability that affects the safety and security of SSL connections, the wires have been flooded with stories about the ease with which phishers managed to secure the login IDs and passwords of Yahoo, Hotmail and GMail users.

Then there was word of a new critical vulnerability in the ubiquitous Adobe PDF reader. Using a suitably constructed document file, hackers can gain control of a user's computer -- enabling all sorts of nefarious new code to be uploaded so as to turn that machine into a spambot or to install trojans, keyloggers or other malware.

One of the astounding revelations that has come from the Hotmail phishing exploits is the weakness of passwords some people have chosen.

According to reports, the most common password was "123456" (or some other run of sequential digits) -- something that would send a shiver down the spine of any half-decent system admin or security consultant.

Is this recent hike in hacks, vulnerabilities and successful phishing exploits just an anomaly or does it point to a dangerously poor understanding of basic security procedures within the online community?

There is some good news however. A lack of funds now need not be a hurdle to equipping your PC(s) with anti-virus/anti-malware software. Microsoft's new security suite has been given fairly positive reviews. On the other hand, despite planning to release a bevy of patches next week, the software giant still hasn't done anything about the gaping hole in its SSL code.

If this trend continues, and there's no reason to believe it won't, it really is time for all computer users to take a good long look at the measures they have in place to protect their systems and the data entrusted to them.

Basic commonsense such as using strong passwords that are changed at regular intervals is a great start. The installation and maintenance of reliable anti-virus/malware systems is also critical to security.

However, as software vendors continue to patch their holes, it's increasingly important to educate users as to the many different kinds of "human engineering" that criminals are now resorting to.

The fact that the wife of FBI director Robert Mueller has banned him from using the internet after a "close call" with a phishing scam is proof that we should never assume that anyone knows how to recognise and avoid such attacks.

Remember -- be careful out there.

No comments:

Post a Comment