SSL / TLS certificates and the certificate authorities that sign them are vital to online security. They’re responsible for two important aspects of secure online communication: encrypting network traffic and verifying the identity of sites. Any SSL / TLS certificate can be used to encrypt data, but only certificates signed by a certificate authority can be used to verify the identity of a site. If the identity verification system stopped working, there would be no way to stop a malicious site from pretending to be your bank, Google, or any other site.
It’ll come as no surprise that many developers feel they are losing the battle against online criminals and data thieves. With ever-increasing frequency, we hear of major security breaches at organizations users should be able to trust with their data. As more of the economy moves online, the potential rewards for hackers have increased exponentially. Developers feel beleaguered. In a reversal of the usual commonplace about criminals and those who fight them, hackers have the luxury of making as many mistakes as they need to before they hit on the right strategy. Developers pay dearly for any mistakes they make in the design and construction of secure systems.
Modern content management systems make it almost too easy to install new features. WordPress in particular has a plugin and theme ecosystem that encourages experimentation. Tens of thousands of developers contribute plugins to the WordPress ecosystem, and browsing through the plugin repository presents enticements at every turn. The temptation is to install plugins on a whim — after all, they’re free, so why not?
Unless you’ve been hiding under a rock, you’ll be well aware of the recent critical vulnerability discovered in the GNU C Library, a core component of the vast majority of Linux distributions. The vulnerable function was used in many thousands of Linux applications across potentially millions of devices, including servers.
The developers behind a popular desktop Linux distribution recently revealed that their site had been hacked. For several hours the link leading to one or more of the distribution’s direct downloads in fact led to a compromised version of the distro with a backdoor installed. If users downloaded the distribution during that period, they may have installed an operating system that was wide open to an attacker. The attacker responsible, who goes by the name of Peace, claimed that he has control over several hundred machines running Mint.
On December 23, a large section of Ukraine went dark. The source wasn’t mechanical failure, nor was it human error. According to Ukrainian officials, it was a cyber-attack, the source of which was reportedly Russia.
To make matters worse, a more recent attack against Kiev’s main airport probably originated from the same source.
It can get kind of exhausting, trying to keep up with all the data breaches surfacing in the media. It seems like almost every other week, there’s some new crisis in circulation: a new leak, hack, or exploit that puts our personal information at risk. Some are worse than others – a hospital losing a few thousand patient names versus a bank losing hundreds of thousands of financial records – but every breach of private data has the potential to wreak considerable emotional and financial harm on the people concerned.
Today, we’re going to take a look back at some of the worst data breaches we saw this year. Hopefully, as we move forward into 2016, we don’t start seeing incidents that top them (though we probably will).
According to Trend Micro, 2016 will be “the year of online extortion.” Ransomware and extortion tactics targeting users both within enterprise and without will see a sharp increase. Online threats, the report explains, will “evolve to rely more on mastering the psychology behind each scheme than mastering the technical aspects of the operation.”
If you’ve ever used the Internet, you’ve dealt with spam. From fraudulent Nigerian Princes to socially-engineered phishing attempts to word-salad comments on blog posts, spam’s as much a part of the Internet as pictures of cats. As a result, most of us have kind of just accepted that it exists and moved on.