More Malware? - More Problems
(Page 4 of 4 )
The job of a company like ScanAlert is simply to identify and make sure sites are not vulnerable to different types of attack or are hosting malware. But it can only identify whether a site is being used maliciously or if it is adequately protected after the fact. Also, as mentioned above, they cannot detect all of the weaknesses (e.g. XSS) even if they understand how the site will be attacked, because the hackers have become so advanced in their techniques.
According to an article by Sűnnet Beskerming, the problems reported by Sophos “could be explained by virtual hosting servers with many sites on the one physical server being compromised, leading to the same vector affecting multiple sites (in some cases thousands of sites).” They also say that small local networks are particularly vulnerable to blended attacks.
They specifically mention a Universal Plug and Play (UPnP), which is designed to simplify how network devices communicate with each other, threat risk that exploits the “core functionality in Flash." The article says, “the UPnP vulnerability can be used to take control of pretty much any domestic network router and because it relies upon Flash, it can be executed on any platform that is running a compatible version of Flash.”
With all these new threat risks cropping up, it's hard to know exactly what to do. Each site has a vested interest in their own product and their representatives will say almost anything to protect the company image, as seen in the statements above. It's mostly important to review your site's security and make sure there aren't any holes or vulnerabilities in any infrequently used directories.
Thanks for reading this article and remember, if all else fails, just program your computer to destroy itself as soon as it's compromised. This will result in minimal data extraction on the hacker's end and an awe-inspiring explosion on your end. (Shake fists triumphantly).
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |