2011 07 31 The Weak InSecurity: Conglomerates, Attacks, and Minutia
For you observers of the seasons, the walnuts are maturing nicely on the trees, with a harvest being likely in a mere few weeks. Then it is we'll gather our nuts for Winter cracking and cookies.
And speaking of nutty harvests, ZDNet informs us that 90,000+ web pages are carrying out iFrame attacks. Why is this even possible? Since 2008, hackers have been attacking FTP accounts, often used to load content to websites.
Why are you locking website content with something as easy to guess as a password? Taken one step further, why are you guarding your website's security with a protocol that sends the password in the clear? Do us all a favor; send your ID and password through the mail on postcards. And let's not forget those sweet scripts and toolZ that store the password in plaintext. Those are impossible to open and review the password...
I find it amusing that a 21st Century security exploit is only made all the more possible and likely because of over-reliance on technology from the 20th century, invented when petrol was full of leaded goodness for us all.
The articles show how a Google search reveals that search engines are 'seeded' with these links (and their penetration into the general Internet). Handy, to have all that search data out there for us all.
How do you slow your conversion to bot status? Not sure. I like to enable script execution tools. These show, dramatically, how much mash up activity there is. If you don't like a particular domain, then don't let it execute. Among naughty domains I keep inactive are bad boys like doubleclick, scorecard, and googleanalytics. If a site won't work with a script disabled, oh well, there are dozens of Internet sites that will. Much like choosing an Android game, those that insist on raiding my phone's abilities and my information, well now, no game is worth that set of problems.
Antitrust--a big action here in the 'States, and Google's own Schmidt is set to hit his fans... Does Google own too much of the Search business, maybe too much Internet II? That just seems odd to me. I'm more interested in the information that Google inspects and tallies. Their Desktop Search loves to keep actual copies of information and not just indices of metadata. That information can be sent to Google itself. How very nice!
Meanwhile, the Google+ name standards created quite a snafu for users of G+ and Google Docs. Why is it that something as security sensible as using a slightly traceable ID name creates such a buzz? Why is it no one noticed an increasing amount of their personal and business data held not only in G+, but also in Google Docs and the like? How is that not an issue?
Overall, think long range. The hacks against websites and other applications are becoming massively prevalent, at a time when so much of our data is housed, imperfectly, by vendors offering tools and storage for nothing in so many cases.
Meanwhile, despite so many releases of information by governmental bodies and other large organizations, privacy law remains unexplored and unwritten.
Seems like one big B-Grade Sci Fi movie, huh?
Pay careful attention in the weeks to come. InSecurity is only increasing.