Most Dangerous Security Myths


Recommended Posts

Most Dangerous Security Myths: Myth #3

Erik Larkin

"When the Web was young and blink tags abounded, it wasn't hard to avoid the bad stuff online. You could generally tell by looking at a site if it was unsavory or even dangerous, and if you were careful with your surfing and your e-mail, you could generally have gone without antivirus.

Not anymore. These days crooks like nothing more than to find a security flaw in a benign but vulnerable site and use the flaw to insert hidden attack code. Once in place, that hidden snippet will scan for security flaws on your PC any time you view the page. If it finds one, it will attempt a "drive-by-download," which surreptitiously downloads and installs malware onto your computer.

Sites large and small, from personal pages to big-name company sites, have been hacked in this way. You won't notice anything out of place if you view a hacked page, though if you know what to look for you might recognize an inserted 'iframe' if you view the page's source code.

The same theme holds for e-mail as well. Your trained eye can likely spot the majority of e-mail attacks, and you may even get a good chuckle out of some of the clumsy grammar and spelling. But not every attack e-mail is easy to spot. The targeted attacks mentioned for myth #2 in particular are difficult to catch, and even net-cast-wide blasts can often use good social engineering hooks.

This iron man myth needs to go the way of those godawful blink tags for two reasons: First, so you'll know to keep your PC secure so that if you're unlucky enough to happen across a hacked site, or accidentally open that well-crafted e-mail, the drive-by-download or e-mail payload won't snare you. Second, if you run your own site, you'll know to keep an eye on it to make sure it hasn't been hacked to attack your visitors. In particular, make sure you keep blogs and any other Web application up-to-date.

If you read the previous security myth-buster, you know antivirus by itself isn't enough. And now, you know that your good sense, while critical, isn't enough either. So sayonara, myth three."

http://www.pcworld.com/article/156376/the_...ths_myth_3.html

Myth #2 - read here: http://www.pcworld.com/article/156375/the_...ths_myth_2.html

Myth #1 - read here:

http://www.pcworld.com/article/156374/the_...rity_myths.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...