Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security

Group

Whatever...
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Drive by 'shootings' on the web at critical level

Recently new exploits which target Microsoft browsers have wreaked havoc on more than one company including at least one of the big6 accounting firms. Companies have been forced to virtually shut down their systems to prevent hackers taking control of everything from browsers, and computers to telephone systems. It certainly isn't pretty if you have thousands of workers unable to switch on their PC or make a phone call.

SQL injection attacks are loading the payload into hundreds of thousands of websites as you read this and any poor soul using MS browsers are likely to have trojans installed on their machine.

Anti-virus software will not protect you.

It's getting to the point where companies may have to start 'whitelisting' websites, rather than blacklisting bad ones, that list is just getting too big.

Our own website has been attacked (unsuccessfully) with ever growing frequency. Perhaps I've upset someone, but I doubt that we are experiencing anything too different from the rest of the websites out there - except for one particular very sophisticated and potentially deadly attack which had not been seen in the wild except by a single other site. It doesn't really help to block IP addresses because these attacks often spoof a site in China, Taiwan or Russia. Short of blocking whole countries, it wouldn't help and even then it is easy to use some poor unsuspecting user's computer in a zombie attack.

The big problem is that users don't have to do anything like open an attatchment or purposely download a file to be compromised.

Companies really have to evaluate whether it's worth a lost day for the corporation just to have access to random sites on the internet. It may make more sense to have sites vetted by the IT department before allowing users to visit them. The IT department will have to use sandboxed computers to do the vetting and keep checking them as long as they allow their users to visit them. Spare a thought for those poor harried IT guys, it's not their fault.

The web is currently 'owned' by the bad guys and don't believe the snake oil salesman for a minute.

There is no 'keeping ahead of the fraudsters' we're all way behind, especially if we keep using poor methodology in internet and transaction systems.

 

3632

Channels

Security

Group

Whatever...
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Report abuse

Comments: (0)

Join the discussion

Member since

0

Location

0

More from member

This post is from a series of posts in the group:

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.

See all
Community
See all blogs »
Fintech 

How innovation in encryption is helping secure the credit card approval process

Ghazi Ben Amor

Ghazi Ben Amor

Operational Risk Management 

DORA – Navigating the EU’s Operational Resilience Landscape

Antony Fung

Antony Fung

Fintech 

The importance of risk management in trading

Kate Leaman

Kate Leaman

Digital Identity Management 

Navigating the digital identity landscape: A blueprint for financial services competitiveness

Adam Preis

Adam Preis

Now hiring

See more