Your browser is obsolete!

The page may not load correctly.

Persona (non) grata

Persona (non) grata

Other issues in this category (20)
  • add to favourites
    Add to Bookmarks

Data is converted into…

Read: 1937 Comments: 15 Rating: 41

When we want to view a particular website and do so by entering the corresponding URL in our browser's address bar or clicking on a link to that site, we don’t think about the fact that we’re setting into motion a complex mechanism, and that a myriad of actions that are invisible to us are concealed behind a simple click of a mouse.

Upon our request, a remote server retrieves files from a hard drive or a database, opens them, alters the data so that our browser can display it correctly, and encrypts or compresses the files in order to transfer them. While the data is being transmitted, it can be further modified by proxy servers or processed by a cache server. Eventually, the data may be transformed once again in our browser by scripts that were transmitted with the rest of the page or by browser plugins. Those can filter out malware or ads, or, on the contrary, add advertisements or pieces of information.

A proxy server is a good example of software that processes the data being transmitted via it. By the way, proxy servers are quite often used to circumvent various access restrictions on the Internet.

But, wanting to hide from the all-seeing eye of secret services, we start trusting services about which we know nothing more than the “fact" that they are supposedly designed to keep our data secure.

Even if we completely disregard the fact that criminals are ever ready to take advantage of our paranoia, the likelihood of programmer mistakes or negligence is always present. As a result, instead of increasing our level of security, we can compromise it even further—that's exactly what happened to the Cloudflare proxy service recently. In addition to its primary function (filtering out DDoS traffic), Cloudflare could also perform other tasks involving the modification of transmitted data, such as inserting Google Analytics tags, obfuscating email addresses, etc. And, it turned out that, due to a software bug, the data transferred by the server contained “garbage”—random chunks of data that included personal data. As a consequence, the resulting webpages were indexed by and got into the cache of search engines, and from there the data could be retrieved by attackers.

Site password leaks are widely publicized by media outlets. After learning about such unfortunate events, users can change their passwords. But does anybody know somebody who was affected by the problem we described above?

The incident is similar to a typical office situation when new documents are printed on the reverse side of previously printed documents and are distributed among visitors. And no one seems to care what sort of information the original document may contain. So sensitive information is being leaked, but nobody knows whether anyone will be affected or whether the data will end up in criminals' hands. Naturally, the pages processed by the proxy servers were indexed by search engines, but did the data fall into the wrong hands? And can crooks tell which pages are of interest to them?

When it comes to the security of our data, we tend to take developers at their word. In most cases, our data is really secure—the developers did their job well or the hackers were too lazy to look for new vulnerabilities. And besides that, ominous news about vulnerabilities is, in reality, often of little significance (or the exact opposite), but how can you determine just how serious a problem actually is?

#security #security_update #vulnerability #password

Dr.Web recommends

  1. First, barricade all the doors and plug all the holes. In other words, install updates for all the programs on your computer and use security software.
  2. Update the secret word that grants entry into your house—passwords mustn’t be allowed to get stale.
  3. And clean your gun regularly—keep your anti-virus up to date.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments