Most people have a pre-conceived notion that if there computer has a firewall or the latest anti-virus protection they are completely safe from hackers. This is simply not true.
It doesnt matter if you have a firewall or not. Sure, it blocks some unwanted intrusion to your computer but it cant block them all because of the very nature of the system. Just like a tiny bug that comes from outside and enters your home all it needs is the smallest opening and its there! Web traffic has to pass through firewalls to access your computer and even the best firewalls cannot process all the hugh amounts of inbound information.
Before a hacker can hack they have to talk to a computer in its own native tongue. Much of the time its HTML (hypertext markup language), but it can be Java, XML, Perl or a number of others. Most successful hackers have much more than a basic knowledge of computer languages as well as how security systems function. A hacker can be anybody with enough knowledge of computer languages and a great deal of computer savvy to look at a URL string and read between the lines. All a hacker needs to do is request information from web sites, servers or PCs using there unique knowledge of computer languages by using simple-well placed codes that may seen trivial yet extract a great deal of what you thought was secure information about you or your business. A hacker can, with persistence get administrative control of a web page and do just about anything to it like changing colors, graphic, text or Meta tags.
The only tools a hacker needs is an internet browser and a target URL. Broadly speaking a URL structure is: Protocol://sever/path/to/resourse?parameters This roughly translates to: http://targetsite.com/directory/files
When you open your browser to a web page whats viewed is what the browser interprets and displays. There is an ocean of information behind the pictures and text. On a typical web page, not readily available to the human eye but can be found none the less is information such as the HTML source code, source code keywords, hidden parameters, hyperlinks and a whole lot more. The more a hacker knows the better they can plan an attack. These people are very good at tricking a web server to release a source code for an application or script without it being executed. With enough prodding and poking at a web server they can view the original source code of the HTML content generated by the script. The method of attack will depend on what the hacker learns from the information accumulated from the server side, browser or client side.
Protocols
HTTPS is a protocol used for encrypted traffic within an HTTP stream. HTTPS is mainly used by sites that offer security where credit card and bank account numbers are used. Another level of security is the Secure Sockets Layer set of protocols (SSL) that has become a standard way to communicate between a web browser and a web site when a high level of security is needed. Not only that, but it can help secure e-mail, file downloads, and chat line conversations by using File Transfer Protocols (FTP) that works with SSL. Without this type of security in place it is relatively easy for someone to read the information you are transmitting. The thing to know here is that SSL only secures information in transit (between computer and website). It does not and will not guarantee security at your end and the site you are viewing! You will have to trust security measures at the site you are viewing and rely on your own computers virus and firewall protection. SSL uses a symmetric key cryptography for encryption, meaning the client and server uses the same key to encrypt and decrypt communication. If a hacker can decode the encryption key they can decipher the message coming in and going out.
Cookies
Many sites you visit will set a cookie on your system when you view that site. The purpose of cookies is to give you easier and faster access to the sites resources and to identify you later if you choose to purchase a product from them. This cookie will keep your personal information such as name, address and credit card number on their file in case you visit them again at a later date. The site itself has its own cookie system with the same personal information so when some user logs in they know who they are, what was ordered previously and what credit card was used so they can give you the use same and credit card? option. Because a lot of websites have security vulnerabilities hackers can view there cookies and retrieve credit card numbers and other personal info. Most web browsers let a user delete cookies on there system, either all of them or manually but they are still on the website visited. A common problem is if you punch in http://buyitnowsite.com and it sets up a cookie on your system, the creator of that cookie may have specified the domain type as site.com rather than buyitnow.com. Your browser then will offer up that cookie to any page in the same domain like virusdownloadsite.com (for example) or any site that you visit which may not have good intentions for you. This can lead to other sites having access to your personal information not intended for them. This could have been prevented if the technician who created that cookie made it specific enough to include the whole site name (buyitnow) in the coding. Really cookies are not intended to store information like user names and passwords, but unfortunately it is a common practice with websites and a hacker can view this information when infiltrating them. The best way to combat against cookie threats is through cookie management software that gives you full control over the use of cookies, which should include:
* Disable the sending and saving of cookies
* Notification before a cookie is sent
* Control of sending and receiving cookies based on the domain
* Look at and delete the contents of cookies
Most internet browser should give you a whole lot more options for cookies in the advanced tab or you can buy cookie software to have complete and easy access over all cookies.
I have mentioned here only a few areas of concern on protecting computer systems and internet browsing but there are others left untouched due to space ( one could write a book on the subject) but I hope you can see we are at more risk than you think. Because many of us have so easy access to the internet like an always on connection computers and servers will always be a target for hackers. Also the speed of connecting increases the risk of attack and the harder it will be to filter that access and make it harder for hackers. Even though we may never be completely safe from hackers there are things we can do to make there job harder. Never store personal information (passwords, credit card numbers) on your PC; instead use a floppy dick or CD for your private information and eject it from your PC when done. A general rule on firewalls is to block all incoming traffic that you didnt initiate. Dont run applications you are not familiar with and take what you download! Most important is to backup everything on your computer and make a bootable disk that you know is clean from infection.
No comments:
Post a Comment