Tuesday, February 3, 2009

The Threat of online security: How safe is our data?

Looming Online Security Threats in 2008

Web-based services, including social networks MySpace and Facebook, are becoming prime targets for hackers seeking your personal information

As Internet users display more of their personal information on social networking Web sites, and office workers upload more sensitive data to online software programs, computer hackers are employing increasingly sophisticated methods to pry that information loose. In many cases, they're devising small attacks that can fly under the radar of traditional security software, while exploiting the trust users place in popular business and consumer Web sites.

Exploiting Trust

These kinds of targeted attacks on Web-based services may constitute the top computer security threats of 2008, according to security experts. "One of the biggest challenges of 2008 will be, how do you do business online when you know there's a bad guy in the middle?" says Chris Rouland, chief technology officer in IBM's Internet security systems division. "The personal computer isn't the target of 2008; it's the browser," he says.

Although a rash of e-mail-borne virus outbreaks in recent years has made most PC users wary of opening attachments or clicking on links in suspicious messages, it may be harder to prevent attacks that exploit the Web-based lists of friends and business contacts that users store in widely used services and social networks. "We've definitely seen the bad guys use malware to go after friends’ lists on MySpace and Facebook," says Pescatore. "They're exploiting trust."

By targeting a relatively small number of users at a time—tens of thousands vs. millions—new hacking strategies can elude efforts to detect them. Hackers also are employing more professional approaches to maximize damage without being caught. These include division of labor by hacking expertise and wider use of black-market sites to hire programmers and purchase professional malware-writing tools.

Cellular and Corporate Caution

For consumers, it's not just their profiles on social networks that can be mined for personal information. Sophisticated smartphones that run full-fledged operating systems and e-mail applications, and hence store more valuable data, could present tempting targets. Security researchers have found numerous ways to break into prominent mobile-phone platforms from Symbian and Microsoft, and quickly demonstrated ways to hack into Apple's new iPhone. "All of a sudden on that phone is the stuff the identity thieves go after," says Gartner's Pescatore, noting security vendors have been hyping the cell-phone threat for years, while the damage hasn't amounted to much.

Cyberthieves are also attacking corporate databases in search of undisclosed financial data or proprietary design and engineering information that can be sold, says Phil Dunkelberger, CEO of security software company PGP. "The really big money now is going to be in stealing intellectual property," he says.

Viruses: More Sophisticated Bait

Hackers are also unleashing viruses that can recruit armies of consumer PCs into larger networks of remote-controlled machines. These "botnets" can distribute spam, attack database software, or keep a record of users' keystrokes. One of the worst, Storm Worm, has infected tens of millions of PCs this year.

Even the messages containing virus payloads are getting slicker. In the past, as compared with the sophistication of the viruses, the e-mails carrying them were rather crude. That made users less likely to follow their instructions, says David Perry, director of global education at security software vendor Trend Micro.

Security Tips

  • Don't give away any valuable personal information on your MySpace or Facebook profile or within messages to other members of the network, and don't click on any links in social network messages from people you don't know.

  • No reputable company will ask for your password, account number, or other log-in information via e-mail or instant message.

  • Use one of the many antivirus, antispyware, and firewall programs on the market. Often, vendors offer all three functions in a single package. And many Internet service providers offer them free with your monthly subscription.

  • Upgrade your browser to the most current version. From Microsoft, that's Internet Explorer 7. Mozilla's Firefox is on version 2, as is Apple's Safari browser.

  • Pay attention to the messages from Windows that pop up on your screen, especially in the new Vista operating system. They often contain helpful security information that many users overlook.

  • Turn on Windows' automatic-update function to get Microsoft's regular security patches.

http://www.businessweek.com/technology/content/nov2007/tc2007119_234494.htm?chan=technology_technology+index+page_top+stories
