Impeachable Timing

Posted: March 12, 2012 in Uncategorized
Tags: , , , , ,

So just as I start up my new security blog on WordPress with a video where I talk about some of the risks (including malware) of social media, guess what shows up?

You got it! A story about 30,000 WordPress blogs being infected to distribute none other than malware. Here’s a link to the story:

http://www.pcworld.com/article/251374/30000_wordpress_blogs_infected_to_distribute_rogue_antivirus_software.html#tk.nl_dnx_t_crawl

This is really nothing new, of course. Drive-by download attacks have been around in various forms for years. I wrote about the risk in my book a dozen years ago when most users assumed that the mere act of browsing a web site was safe.

Unfortunately, as long as we have browsers with bugs, some of those bugs will result in security vulnerabilities and some of those vulnerabilities will be exploited.

No defense is 100% foolproof but one of the better ones in this area is the NoScript add-on for the Firefox browser. NoScript prevents mobile code such as JavaScript, Java and Flash (inherently avoids the exposure of ActiveX that exists in Internet Explorer) from being downloaded and executed by your browser for untrusted sites.

It does result in some pages not being rendered correctly but you can either temporarily override the block or add the site to your trusted list to get around this issue. It’s more trouble, but well worth the effort in my opinion.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s