Reprinted from The Triangle Technical Journal
Just when you think that Web surfing is safe, think again. According to a report from the Computer Technology Industry Association (CompTIA), browser-based security attacks are on the rise and are anticipated to be “the next significant security threat to IT operations.” A browser-based security attack is defined as malicious code contained within a Web page (or HTML email) that appears harmless. The attacker uses the browser and user systems to sabotage or disrupt computer functionality.
To quantify the impact of such havoc on today’s technology, consider the following:
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a bogus but very legitimate-looking Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers – information that the legitimate business already has. Bugs in the browser or email client make it possible for the “phisher” to hide their true URL from the end user.
Spyware is any software that covertly gathers user information through the user’s Internet connection without his knowledge. Spyware has the ability to monitor keystrokes, scan files on the hard drive, snoop other applications, install other spyware programs, read cookies, change the default home page on the Web browser, and gather information about passwords, credit card information, and email addresses – all the while consistently relaying this information back to the spyware author.
Adware is a form of spyware that collects information about the user in order to display advertisements in the Web browser based on the information it collects from the user’s browsing patterns.
As you can see, the Internet is not as friendly as it was once thought to be. Today, it is populated with criminals who have moved from the simple deviltry of erasing hard drives to the criminal activity of identity theft. And they’re not acting alone: they are finding that banding together to leverage each other’s skills is more profitable. Recently, through an ordinary Google search, the Secret Service found and subsequently shut down ShadowCrew, an online shopping bazaar where criminals would buy and sell credit card numbers and identity documents. In total, approximately 4,000 criminals participated on the ShadowCrew site, and thefts were predicted to reach an estimated $1 billion had the site not been shut down.
So how do you fight back? First, you need to clean up your computer, then you need to maintain that protection.
To clean up your computer, perform the following:
If it is not possible to switch from IE, then you should set its security level to High. Since setting the level to High may cause some websites to work improperly, you can add sites that you know are safe to use to your list of trusted sites. This will allow the site to work properly even with the High security setting.
And after you’ve “cleaned house,” it’s imperative to maintain this protection.
As we all know, the issue of information security is dependent on the actions that we, as users, take. If we don’t do everything within our power to protect our information, we are the biggest part of the problem. Therefore, it is ultimately our responsibility to take advantage of the tools and processes available to identify and clean up problems and establish a level of security required to protect our data.