Security Brief: Insecure Week

This week wasn't exactly what I'd call the best week for cyber-security. Every day I wrote at least one material about hackers or vulnerabilities. Systems are trying to get secure, and some people are waging war against cyber-based threats but it seems that they can't do much. It's been all bad news all week.

One thing that you might have never thought of is that security software can help hackers. Well, it can, and this is quite a nasty situation. Anti-viruses and firewalls, just like any software has flaws and bugs - hackers can exploit these to take advantage of your computer. However, some software may better defend itself against hack attacks - for example, Kaspersky got a huge score at a recent test. It was installed on a virtual machine and then 33 hack attacks were run against it, out of 33, only one succeeded, fact which means it's 98% capable of defending itself. This is a great score, since no other anti-virus achieved such a great rating. But that was one of the few good news items this week.

The week started off as bad as it could. Storm was in the news on Monday - I write so frequently about this virus and its botnet, that I think I should have a new category labeled "Latest on Storm". In any case, things are only getting worse with this threat as now it's not just e-mail borne but it also infects sites, you visit the "sick" webpage and Storm will infect your machine. It has to be the worst thing this year! Here's this week's material on Storm.

Also, as if things weren't bad enough with security software vendors being overrun, the Police went and arrested an innocent. They thought he was a cyber-terrorist or something like that, when the poor guy was just a server administrator. No wonder it's so hard for them to catch cyber-criminals when they lack so much skill in properly tracing an IP.

On Tuesday, I had a material about how malware just keeps getting worse, and it was all based on a research by IBM. But I guess you don't need a study to tell you that. Just by reading the news, you can tell that things aren't getting better. Anti-spam programs are ineffective and OpenOffice has been disclosed with vulnerabilities - these two were titles from Tuesday as well.

On Wednesday, we found out that two firewall programs have been disclosed with vulnerabilities that can help malicious users hijack your machine. One of them was Kerio and the other was Outpost Firewall Pro - I had used them both on my computer and had been quite satisfied with the way they work, but it seems that they make you more vulnerable than safe.

I think that my favorite piece of news this week was the one about the ridiculous security measures that have been found on the web. There was even a contest about the most ridiculous CAPTCHA ever. And after seeing some downright stupid security measures, I ask myself - what's the use of deploying a good security module involving some code that can't be deciphered if no human can spell it. CAPTCHA is made to keep bots at bay, not to render humans unable to create accounts. Some security measures make me laugh!

Also, facts show us that hackers are worse than drug dealers. Sure, no hacker will ever attack you in a dark alley or carry a gun to frighten you, but more money come out of cyber-crime than from illegal drug distribution. It's a business worth more than $100 billion. Just think about the number of malicious users that are causing financial damage - you just might be one of them, if you ever downloaded pirated software, copyrighted music or movies!

Then, on Thursday, even more facts hit us hard, as if the previous bad news wasn't enough - a study shows that security breaches are two times more severe this year than they were the previous two years. Breaches haven't grown in number, but hackers do a lot more damage than before.

Things look bad enough now? Wrong, not yet, because even more bad news came in on Friday. GNUCitizen has discovered that PDF-files can be exploited by hackers to screw up your Windows pretty bad, without you being able to do anything - open a PDF, and that's it, you're vulnerable. It is a highly critical vulnerability that is yet unpatched.

This week's hottest piece of news was also not good - F1 secrets leaked on the web, on a site belonging to the FIA, the same organization that fined McLaren, now disclosed sensitive info, due to carelessness. That just says it - this is clearly "insecurity week".

And here's this week's piece of advice:

Sometimes you're vulnerable and can't do anything about it. No updates, no security measures...nothing seems to work. In that case, deploy a good old fashion security method that always worked. When you feel that a hacker is tampering with your machine, and you can't fight him - yank out the network cable, and you're safe! That's a barbaric method to stay secure, but hey, at least it works!