It’ll come as no surprise that many developers feel they are losing the battle against online criminals and data thieves. With ever increasing frequency, we hear of major security breaches at organizations users should be able to trust with their data. As more of the economy moves online, the potential rewards for hackers have increased exponentially. Developers feel beleaguered. In a reversal of the usual commonplace about criminals and those who fight them, hackers have the luxury of making as many mistakes as they need to before they hit on the right strategy. Developers pay dearly for any mistakes they make in the design and construction of secure systems.
Monthly Archives: March 2016
Modern content management systems make it almost too easy to install new features. WordPress in particular has a plugin and theme ecosystem that encourages experimentation. Tens of thousands of developers contribute plugins to the WordPress ecosystem, and browsing through the plugin repository presents enticements at every turn. The temptation is to install plugins on a whim — after all, they’re free, so why not?
Unless you’ve been hiding under a rock, you’ll be well aware of the recent critical vulnerability discovered in the GNU C Library, a core component of the vast majority of Linux distributions. The vulnerable function was used in many thousands of Linux applications across potentially millions of devices, including servers.
The developers behind a popular desktop Linux distribution recently revealed that their site had been hacked. For several hours the link leading to one or more of the distribution’s direct downloads in fact lead to a compromised version of the distro with a backdoor installed. If users downloaded the distribution during that period, they may have installed an operating system that was wide open to an attacker. The attacker responsible, who goes by the name of Peace, claimed that he has control over several hundred machines running Mint.