Posts Tagged ‘vulnerabilities’

Major Security for Major Websites Does Not Always Prevent Vulnerabilities

Friday, May 13th, 2011

Online security threats and system vulnerabilities will always be an issue on the Internet regardless of the amount of security we implement. As the security for major online companies gets smarter the hackers and computer viruses get more inventive as well. This balance is unlikely to disappear because there will always some kind of benefit for people who perform these destructive actions. Whether it is for notoriety, money, or information the effects of these actions require companies to be forward thinking and remain focused on the protection of their users.

caution

Following the largely publicized PlayStation Network Hack a couple weeks ago, two other major websites experienced their own misfortune. For Google it was discovered that their images were replaced with malware and Facebook was also notified that their applications were unintentionally leaking information to third parties. Although these two incidents are completely different with one being pure mischief and the other being an oversight the two cases highlight severe vulnerabilities for major websites.

After weeks of user complaints Google identified that some of their Google Images search results were pointing users to webpages that forced misleading anti-virus scans and security alerts. The attackers apparently infiltrated high trending Google Image search results and planted their own PHP scripts to generate their own malicious content. Once their own PHP scripts were implemented the Google bots crawled and eventually displayed thumbnails for their bogus web pages. When clicked on, the image redirected users to a bad page. Google is currently working hard to remove all of the bad links. For more specific details on how and what was affected visit More on Google Image Poisoning.

Shortly after Google realized their security flaw, Facebook was notified by Symantec regarding their security issue. On Tuesday May 10, 2011 Symantec published that Facebook applications have been unintentionally leaking user information to third parties. Although it is impossible to pinpoint the exact number of affected users it is estimated that the information of hundreds of thousands of users could have been exposed. However Symantec and Facebook state that it is also possible that most of the third parties didn’t even realize the leaks.

The leaks occurred through access tokens which are basically authorization codes that are assigned once a user accepts or grants permission to a Facebook application. Once Facebook was notified of the leaks they implemented the necessary changes which are described in the Facebook Developers Blog. Concerned users can take their own actions to nullify any current access tokens by changing their account password. As mentioned although these leaks were accidental this incident provides a perfect example for the vulnerabilities that websites like Facebook still have even with good security.

Sometimes the bigger the company, the bigger the target. Security should always be a crucial aspect and top priority for any business.  It is not only up to the major websites to try to stay head of the relentless security threats and system vulnerabilities, the individual users should do their part as well by being educated about online risks and by taking the appropriate precautions to remain safe.

Thanks for Reading and Have a Great Day!

Dustin

ComputerFitness.com

Providing Tech Support for Businesses in Maryland