Seven factors that make your website no longer secure

Bkjia.com exclusive translation] the traditional opinion is that when surfing the Internet, as long as you do not browse porn, stock investment and gaming websites are secure, however, according to a recent study by Sophos, an IT security and control company in Boston, we believe that secure websites are not necessarily safe.

According to Sophos's Research Report, the first six months of this year, there were 23500 newly infected webpages infected with one page every 3.6 seconds, an increase of 4 times compared with the same period last year, many infected webpages are on valid websites.

In a recent interview, Richard Wang, head of the Boston lab, outlined seven main reasons why legitimate websites are becoming increasingly dangerous.

Malicious Advertisement

Many legitimate websites rely on paid advertisements for survival, but Wang said, according to the analysis results of recent laboratories, these advertisements often hide malware, and webmasters and users do not know. Most websites are contracts with advertising companies, rather than direct advertising customers. Some advertising companies are lax in reviewing content.

Attackers can exploit this vulnerability to merge advertisements into Flash Animation and other rich media. When a user clicks this advertisement, the browser may and is often redirected to a malicious website, downloading malware in the background is completely unaware of the user. He/she is still browsing a legitimate website. These malware generally collect user names, passwords, and sensitive bank data.

SQL injection attacks

SQL injection attacks are currently the most popular attack methods. Some notable SQL injection attacks have occurred in the past few years. SQL injection attacks are a technology that uses encoding defects in Web applications or Web pages. For example, a hacker may enter a short SQL code after a field to collect the email address, if the application does not perform security verification on the entered content, the server may execute the SQL command entered by the hacker to gain control of the server.

Wang said hackers often use poorly developed websites for SQL injection attacks.

User-provided content

Now everyone can write comments, post blogs, or post content on social networking websites. Malicious people use this to interfere with the topic, publish some spam messages and malicious links, people who accidentally click may also publish some attractive texts and images, but they are linked to malicious websites.

Steal website login information

Using the above types of malware and social network means, attackers can steal creden of content providers, so that they can log on to the website as you do and do everything they want, generally, they only have a little bit of hands and feet, and you will not notice that adding a small piece of code can steal the credit card or other data of website visitors.

Damage managed services

This is similar to the previous situation where the login information of the content provider is stolen. Hackers can log on to the website normally and perform some harmful operations. In this way, malicious people may suddenly have thousands of website hosting service providers.

Local malware

The website you visit may be foolproof, but if malicious software is hidden on your computer, you may unconsciously become an accomplice of attackers. For example, users can access the online banking website, when you enter the user name and password, the trojan records the sensitive information and sends it to the hacker. After the hacker obtains the account, the money on your account may be stolen.

Hacker manipulation

Finally, hackers may sell you fake stores, including disguised security software. If a warning dialog box pops up, your computer may be infected, you must download a specific security tool to clear it. The most common thing is that when you access a website, malicious programs are secretly downloaded to your computer.

Wang said, "You may have spent $39.95 to buy a piece of worthless software and may have stolen your credit card information ".

What should you do if you want to put ads on your website? Wang suggested that the IT security administrator use the Security Scan software to scan the content that requires third-party hosting. Developers should also work harder to write safer code.

For those who do not understand the technology, it is wise to perform vulnerability scanning every day and continuously update security patches to enhance system security.

Bkjia.com exclusive Article. For more information, see the source and author !]