Other issues in this category (18)
Sites and passwords. Passwords and sites
Monday, August 20, 2018
It’s time for us to give you more tips on how to keep websites secure.
First, experience shows that a huge number of sites get compromised simply because attackers manage to pick the right password.
A private talk revealed that a hacker used Shodan to look for Netgear Nighthawk R7000 routers that used the default FTP-access password. The attacker used the password to gain access to a number of routers, including devices providing connectivity in military facilities.
So, there’s no need for hacker tricks: use a publicly available service to find vulnerable devices, enter the default password—and voila!
According to Recorded Future, as many as 4,000 vulnerable Netgear routers are still accessible over the Internet.
And many other devices are connected to the Internet too…
How many sites on the World Wide Web offer "free entry"?
The DHS (Department of Homeland Security) subpoenaed Twitter. The DHS is demanding that Twitter reveal account information associated with a user who regularly reports data leaks online. The unidentified New Zealand national goes by the handle Flash Gordon.
Flash Gordon regularly reports on data leaks he’s found on exposed servers on the Internet. Last year, he found a trove of data, belonging to almost a million patients, leaking from a medical telemarketing firm.
Hackers with the Ukrainian Cyber Alliance committed to review security on Internet sites belonging to various government agencies. Whenever the team discovered flaws in database security, they would publish corresponding documentation on social media sites.
The volume of accessible data is huge.
Security researcher Vinny Troia found a 2-TB database on a publicly available server.
It contained about 340 million records. According to The Wired, the data was gathered by the Florida-based company Exactis. The information includes the personal data of 230 million Americans and 110 million US businesses.
To make things worse, it’s often next to impossible to notify site owners about a breach. Their sites provide no contact information whatsoever, and even if a reference to some admin@… is present, no one usually reviews the messages being sent to that address. And perpetrators are free to abuse the compromised sites to their hearts' content.
Based on my own experience, I recommend that site owners pay close attention to visitor feedback.
We won't describe in detail how we try to reach well-known, respected companies to no avail, but shame on them!
The Anti-virus Times recommends
- Once you have purchased a device, change the default password before it gets connected to the Internet. Five minutes of a support engineer performing maintenance routines with security features disabled was enough to get a device infected.
- Use long passwords!
Our experience shows that randomly generated 10- to 12-character passwords aren't strong enough.
- Monitor all attempts to crack a password. And those aren't limited to brute-force attacks. Watch out for failed sign-in attempts too. Recently attackers used scripts repeating three sign-in attempts at wide intervals and eventually succeeded.
- If you make files available for download, take care to establish a routine that will compare the files with samples or verify them with checksums. Incidents of malware being smuggled onto computers, instead of legitimate files, are becoming more frequent!
- Use a secure channel to manage your site's content under an account you normally do not use.
- Sign out from your content management interface. And this means actually signing out, rather than closing the browser tab.
- Back up your data.
- If you've been notified that your site has been compromised, please respond. If you don't want to look through all the messages that pile up in your mailbox, set up mail filters. After all, you are an IT specialist!
The problem is that attackers who have gained access to a certain site don't even need to upload a new file but only post a link to it. In this case, the anti-virus scanning the site's files won't be able to do anything.
The investigation that followed revealed that criminals gained access to the site's control panel and changed the distribution download links. It is also worth mentioning that the actual distribution files weren't tampered with.
How did we respond?
Now a utility validates all files against their respective reference files. We are also considering the option to adopt Kaspersky anti-virus software.
Will that work? Of course not since links can just point to different files, not the ones that have been checked.