Data is converted into…
When we want to view a particular website and do so by entering the corresponding URL in our browser's address bar or clicking on a link to that site, we don’t think about the fact that we’re setting into motion a complex mechanism, and that a myriad of actions that are invisible to us are concealed behind a simple click of a mouse.
Upon our request, a remote server retrieves files from a hard drive or a database, opens them, alters the data so that our browser can display it correctly, and encrypts or compresses the files in order to transfer them. While the data is being transmitted, it can be further modified by proxy servers or processed by a cache server. Eventually, the data may be transformed once again in our browser by scripts that were transmitted with the rest of the page or by browser plugins. Those can filter out malware or ads, or, on the contrary, add advertisements or pieces of information.
A proxy server is a good example of software that processes the data being transmitted via it. By the way, proxy servers are quite often used to circumvent various access restrictions on the Internet.
But, wanting to hide from the all-seeing eye of secret services, we start trusting services about which we know nothing more than the “fact” that they are supposedly designed to keep our data secure.
Even if we completely disregard the fact that criminals are ever ready to take advantage of our paranoia, the likelihood of programmer mistakes or negligence is always present. As a result, instead of increasing our level of security, we can compromise it even further—that's exactly what happened to the Cloudflare proxy service recently. In addition to its primary function (filtering out DDoS traffic), Cloudflare could also perform other tasks involving the modification of transmitted data, such as inserting Google Analytics tags, obfuscating email addresses, etc. It turned out that, due to a software bug, the data transferred by the server contained “garbage”—random chunks of data that included personal data. As a consequence, the resulting webpages were indexed and cached by search engines, and from there the data could be retrieved by attackers.
Site password leaks are widely publicized by media outlets. After learning about such unfortunate events, users can change their passwords. But does anybody know somebody who was affected by the problem we described above?
The incident is similar to a typical office situation in which new documents are printed on the reverse side of previously printed documents and distributed among visitors, and no one seems to care what sort of information the original document may contain. So sensitive information is being leaked, but nobody knows whether anyone will be affected or whether the data will end up in criminals' hands. Naturally, the pages processed by the proxy servers were indexed by search engines, but did the data fall into the wrong hands? And can crooks tell which pages are of interest to them?
When it comes to the security of our data, we tend to take developers at their word. In most cases, our data is really secure—the developers did their job well or the hackers were too lazy to look for new vulnerabilities. And besides that, ominous news about vulnerabilities is, in reality, often of little significance (or the exact opposite), but how can you determine just how serious a problem actually is?
- First, barricade all the doors and plug all the holes. In other words, install updates for all the programs on your computer and use security software.
- Update the secret word that grants entry into your house—passwords mustn’t be allowed to get stale.
- And clean your gun regularly—keep your anti-virus up to date.