Activist Group and Hackers Anonymous, notorious for breaching security platforms, recently struck again, disabling the United States Sentencing Commission?s website, just another of the many federal government computer networks it has claimed to have infiltrated. Recently released intelligence points to the Chinese for alleged computer hacking at the New York Times, Wall Street Journal and numerous other U.S. businesses for years now.
Jill Van Hoesen
Not to be outdone, Anonymous struck again, this time targeting Twitter and gaining access to at least 250,000 passwords. Twitter released this statement after the Anonymous breach: ?This attack is not the work of amateurs and we do not believe it was an isolated incident, the attackers were extremely sophisticated and we believe other companies and organizations have also been recently similarly attacked.?
There are many aspects of cyber crime that your business will grapple with as you try to protect information and intellectual property while your employees and customers no longer function in a singular PC culture. Rather, they are increasingly embracing a wider variety of platforms, each with a different security protocol, operating system and user interface. Cyber criminals are abusing this computer divergence and not everything makes the headlines.
In January, more than 850 million PCs were put at risk worldwide as the Black Hole toolkit took advantage of a gaping security flaw in Java software, redirecting thousands to malicious Web pages after a user clicked an infected Internet ad. Numerous legitimate weather and news ad networks began redirecting to Black Hole sites, implementing the Java Zero-Day Attack. Hackers are exposing software vulnerabilities with hopes to install malware, steal your identity or make a botnet out of your infected PCs or device so they can later use it in denial-of-service attacks against other sites.
Popularity among users of the Java software as a plug-in on Internet browsers including Microsoft Internet Explorer and Mozilla Firefox brought this attack to the fore of security experts and the U.S. Department of Homeland Security. The DHS Computer Emergency Readiness Team commented, ?We are currently unaware of a practical solution to this problem. This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.?
The problem was severe enough that Oracle, Java?s parent company, released numerous emergency security patches after the latest exploit was exposed. Security researcher Adam Gowdiak from Poland-based Security Explorations, has been studying the software flaws of Java for more than a year and after analyzing the latest update he found, ?the patch still leaves a number of critical security flaws.?
Jaime Blasco of AlienVault Labs echoes this statement. Mr. Blasco branded Oracle?s offering as a ?mess.? This was later reinforced by Mr. Gowdiak?s recommendation against using the software, ?We don?t dare to tell users that it?s safe to enable Java again.?
It is not only the personal computer user who needs to be aware of risks in the software flaws of Java plugins. A number of security firms have recommended businesses take immediate action to disable the software.
For the causal computer user, the possibility of malware installation and identity theft is appalling, but it could cost firms far more over time. H.D. Moore, chief security officer of Rapid7, a vulnerability management and penetration testing software company, estimated that ?it could take up to two years for Oracle to fix flaws found in the version of Java used to browse the Internet, not taking into consideration any further exploits that are developed within this timeframe. It seems like something of a lost cause. The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don?t really need Java on their desktop.?
Are you using Java? Are you deploying anti-virus protection across your corporate network and on your personal computing devices? Are you updating all of your software to ensure you are protected from the latest threats? As technology continues to play a greater role in all of our lives, security threats will come from many unexpected places and data breaches will continue to threaten your personal and professional life. Don?t become complacent and let your guard down as the malware threat goes on.
Jill Van Hoesen is chief information officer for Johnson Newspapers and a 25-year IT veteran. Contact her at jvanhoesen@wdt.net. Her column appears monthly in NNY Business.
dodd frank Lark Voorhies Jennifer Livingston Orlando Cruz MLB Playoff Schedule arizona cardinals Big Bird
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.