
Friday, October 15, 2010

Why is Internet Safety Important?



Today's Web is vastly different from yesteryear's Web and today's malware is vastly different from yesteryear's virus. No longer a form of digital graffiti, modern day malware is all about money. Your money, that is. This change in intent has also led to a corresponding change in tactics. Modern day malware is made to hide. Social engineering scams are increasingly sophisticated. Man-in-the-middle attacks can forcibly redirect you to hostile websites.

The Web has also changed. No longer a static one-sided delivery method, today's websites host and push content from a variety of sources. And the notion of surfing to only "known good sites" no longer applies. Today's dynamic Web technologies lend themselves to mass compromise of perfectly legitimate websites, outfitted with malicious scripts that turn the "known good site" into a virtual conveyor belt of malware.

The same technologies that foster Web developments also enable attackers to work smarter and faster. An attacker can use virtual hosting providers that redirect (and mask) a site's true origin. Automated tools leverage search engines to ferret out sites vulnerable to compromise. Other automated tools allow attackers to continually churn out repackaged malware designed to thwart signature-based antivirus. And in the darkest recesses of the Internet, the attackers use blogs, forums, and chat to barter malware and exploit frameworks.

And all of this is designed for profit, whether by tricking you into laundering money, stealing your credit card details, siphoning your bank accounts, or even outright identity theft. Don't look to your bank to protect you either - if you don't directly foot the bill for the stolen funds, you'll indirectly pay for it with higher fees and higher prices sometime down the road.

The threat of compromised websites 
Web pages are coded in various browser-friendly scripting languages, typically including combinations of HTML, JavaScript, ActiveX, and CSS. When a request to a website is made, the source code for that page is loaded and interpreted by the browser. What you see in your browser is the visual manifestation of the source commands.

A Web page isn't just static content from one source. It supports multiple types of active content, including content from third parties. Google Adsense is a good example of that (as is any other third-party advertising included on a site). The same programming techniques used to load third-party advertising can be used to load any third-party content, including malicious content if so desired. And attackers use that to their advantage.

In other words, when you visit one website, you are in reality pulling content from several different sites and servers. In the past, the biggest web risk was that third party content might be booby-trapped. For example, a rogue advertiser might insert a malicious banner ad into the advertising network, which then was pulled by all participating websites.

Today, the risk has shifted dramatically. Attackers are directly compromising websites and outfitting them with malicious external calls to hostile content.

SQL Injection Attacks 
One of the most common forms of website compromise is SQL injection. SQL is short for Standard Query Language, a scripting language used to manage databases. Many, if not most, websites use some sort of database backend. This can be for everything from creating all or most of the site pages to storing information and generating search results pages. SQL injection attacks are malformed SQL queries that instruct the database to take some sort of unintended action beyond just returning requested data. In other words, a SQL injection attack tricks the database into treating the query as a command to take some specific action, rather than as a request to return some type of information.
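The difference between a query built by string concatenation and a parameterized one, shown as an added example that is not part of the original article. The `pages` table, the function names and the crafted input are constructed for illustration, with SQLite standing in for a site's database backend.

```python
import sqlite3

def make_db():
    """Constructed in-memory database standing in for a site's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (title TEXT, body TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO pages VALUES (?, ?, ?)",
        [
            ("Home", "Welcome", 1),
            ("Contact", "Write to us", 1),
            ("Draft", "Unreleased text", 0),
        ],
    )
    return conn

def find_page_unsafe(conn, title):
    # Vulnerable: the visitor's text becomes part of the SQL statement itself,
    # so a quote character in it can change what the statement means.
    sql = ("SELECT title FROM pages WHERE published = 1 "
           "AND title = '" + title + "'")
    return [row[0] for row in conn.execute(sql)]

def find_page_safe(conn, title):
    # Hardened: the statement text is fixed; the visitor's text is bound
    # as a value and is never parsed as SQL.
    sql = "SELECT title FROM pages WHERE published = 1 AND title = ?"
    return [row[0] for row in conn.execute(sql, (title,))]

# Constructed input: the leading quote closes the string literal early,
# and the rest is read by the database as part of the WHERE clause.
CRAFTED = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("normal lookup :", find_page_unsafe(conn, "Home"))
    print("unsafe/crafted:", find_page_unsafe(conn, CRAFTED))  # unpublished row leaks
    print("safe/crafted  :", find_page_safe(conn, CRAFTED))    # no match, as intended
```

With the concatenated query the crafted title rewrites the filter and the unpublished row is returned; with the bound parameter the same text is only compared against titles and matches nothing.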

A database that is vulnerable to SQL injection can be compromised in a number of ways. Of most concern from an Internet safety standpoint are SQL injection attacks that embed malicious hidden iframes and malicious external references within the source code of the compromised Web pages.

When a Web surfer encounters one of these compromised pages, these hostile third-party references call up exploit code and malware from the attacker-owned sites. This action is invisible to the Web surfer - only a thorough examination of the website source code provides the tell-tale signs of the compromise; the page displayed by the browser looks perfectly normal.
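A site owner can automate the source-code examination described above. The following is an added example, not code from the original article: it parses a page and reports `iframe` and `script` references that point at hosts outside an allow-list or that are sized or styled to be invisible. The host names and the sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ExternalRefAudit(HTMLParser):
    """Collect iframe/script references that leave the site or are hidden."""

    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.trusted = {site_host, *allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        # Relative URLs have no hostname and stay on the site itself.
        host = urlparse(a.get("src", "")).hostname
        reasons = []
        if host and host not in self.trusted:
            reasons.append("unlisted host")
        if tag == "iframe" and self._hidden(a):
            reasons.append("hidden frame")
        if reasons:
            self.findings.append((tag, a.get("src", ""), reasons))

    @staticmethod
    def _hidden(a):
        style = a.get("style", "").replace(" ", "").lower()
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        return tiny or "display:none" in style or "visibility:hidden" in style

def audit(html, site_host, allowed_hosts=()):
    """Return (tag, src, reasons) tuples for references worth reviewing."""
    parser = ExternalRefAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed page: one expected third-party script and one hidden frame.
SAMPLE = """
<html><body>
<script src="/js/site.js"></script>
<script src="https://ads.partner.example/show.js"></script>
<p>Store hours and directions</p>
<iframe src="http://unknown-host.invalid/x" width="0" height="0"></iframe>
<iframe src="/map.html" width="600" height="400"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "shop.example", ["ads.partner.example"]):
        print(finding)
```

Run against pages as they are actually served, since injected references live in database content rather than in the template files; the allow-list has to name every third party the site deliberately loads.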

Beginning in late October 2007, a series of SQL injection attacks began which continue to compromise millions of Web pages (past compromises include Ikea and WalMart). And because the malware is being delivered from reputable (but compromised) websites, the old advice to only surf to known reputable sites no longer helps. Worse, the malware foisted by the compromised sites typically consists of password stealers and backdoors. These password stealers and backdoors can be used to steal credit card information, bank account login credentials, and other sensitive financial or personal information.

When encountering one of these compromised sites, chances are you won't notice anything awry. The malware launches silently and once on the system it often uses rootkit technology to hide itself.

Staying Safe Online 
Internet safety isn't about avoiding the unknown or untrusted. Today, Internet safety also includes guarding against threats coming from even the most staid, legitimate, and otherwise honorable websites. Or in the words of the X-Files, 'trust no one'.

To avoid being victimized by a compromised website, either use the NoScript addon for Firefox, or disable active scripting in Internet Explorer and Opera. For further details, see Web Browser Security. In addition, follow these computer safety tips to lessen your susceptibility should exposure occur.
