Thursday, January 9, 2014

Your perimeter is his challenge

our perimeter is his challenge

“There is always more spirit in attack than in defence” (Roman historian, Tito Livio). Hackers will always be looking for ways to circumvent our defenses and carry out their offense. This implies that it is even more important for organizations and users to take the protection of their systems and their devices very seriously.

For example, retailers should keep their point-of-sale (POS) systems isolated from the rest of their networks to prevent that an attack on them, for example through the payment card reader, affects to other devices or data bases of the company.

Since 2003, when the Domain Name System of the Internet opened the possibility of using non-ASCII characters, some hackers have taken that opportunity to generate homograph attacks using similar domain names to the genuine ones, but taking some look-like characters from other alphabets.

Actually sometimes the cyber-aggression comes through a genuine website, as happened last week with some ads on Yahoo’s European site. By the way, it has been reported that the goal of the malware spread in that case was to use victims’ computers to mine bitcoins.

Nevertheless, be cautious when reporting a security hole on a website unless you want to end up with the police as happened to an Australian teenager. The boy found a security flaw in one the Transportation Department’s websites which gave him access to a 600,000 users database. He notified it to the site’s administrator, but never got an answer. After contacting a newspaper and telling it about the case, he was reported to the authorities.

Precisely vulnerabilities are a little sweet for cybercrooks. There is always something waiting for being discovered. Like the one on the X11 server that remained anonymous for 23 years for instance. Administrators of such servers should apply the patch developed by the X.Org as soon as possible.

Indeed, security updates to fix an operating system flaw are part of the daily routine already. However, it seems that Apple stopped releasing this support for user of OS X previous versions to Mavericks. Therefore, if you are working on Snow Leopard, Lion or Mountain Lion, Sophos advise you to update to Mavericks or swap to Windows 7 or Linux, so do it. You do not want a hacker to put all his spirit in compromising your beloved Mac, do you?


We invite you to rate our posts, to leave your comments and to share them on social networks. Also, if you want you can follow us on our profiles. At the sidebar, you’ve got the links ;-)


Post a Comment