Feb 7, 2017 | Industry insights
Understanding online vulnerabilities
As today is National Safer Internet Day, it seemed only right to highlight one of the areas that needs more focus, so that we can all remain as safe online as possible.
For most people, when you say the word ‘update’, it will conjure up images of endless mobile phone updates, some that provide a welcome new interface and some that annoyingly remove well-used functionality.
Either way, what’s important to remember is that these updates are a vital way of keeping your device current with the latest version of its operating system.
However, not all website owners apply the same principles and due diligence to their own updates and patch management. The onus is on website owners to take more responsibility here; when servers aren’t maintained in the correct way, it leaves them, and the end user, open to exploitation.
Only last week, the WordPress content management system (CMS) released an update that addressed four known vulnerabilities. WordPress is well documented to have a higher level of vulnerability, but this latest patch actually fixed a much more serious potential threat that would allow unauthenticated attackers to modify the content of any post or page within a WordPress site with the use of a plug-in.
Okay, so what does all this mean? And how does it actually work?
To understand internet vulnerabilities, you first have to understand what’s happening in the background when you open your browser.
Your browser will actually download the various content elements, including images, a logo or plug-ins. All of these content files will be stored on your device in the form of temporary internet files. The nature of downloading content also exposes the user to a small but significant level of vulnerability. In a roundabout way, you are opening a door, albeit for a very short time, to allow the content and website to display.
The risks associated with online vulnerabilities can often be traced to website plug-ins: pieces of software that enable an application or program to do something. A well-known plug-in is Adobe Flash Player; without it, for example, you wouldn’t be able to watch some types of embedded video content. However, if any of the plug-ins you choose to access online were built using an older version of HTML and have had no further maintenance updates, it provides the perfect opportunity for a hacker to infect your machine. Then, when you click on the website and download the plug-in to your temporary internet files, you will actually be opening a door and leaving it swinging in the wind for a would-be attacker to mooch on in.
At best, this could equate to some nuisance pop-ups with undesirable content. At worst, an attacker could inject a virus that could leave your device inoperable and steal your sensitive data, such as internet banking passwords or credit card details. Either way, it’s a risk that can be easily avoided if website owners appreciate the value of doing regular updates.
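To make the background downloads and plug-in content described above concrete, here is an added example (not part of the original article) that a website owner could run over a page to list everything a browser would fetch for it, flagging third-party and plug-in content. The sample HTML, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose attribute makes the browser download something on page load.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "embed": "src", "object": "data", "link": "href"}
PLUGIN_TAGS = {"embed", "object"}        # content handed to a browser plug-in
PLUGIN_EXTS = (".swf", ".jar", ".xap")   # Flash, Java applet, Silverlight


class ResourceLister(HTMLParser):
    """Collects every sub-resource a page asks the browser to download."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not url:
            return  # not a fetching tag (e.g. <a>), or no URL given
        rel = (attrs.get("rel") or "").lower()
        if tag == "link" and "stylesheet" not in rel and "icon" not in rel:
            return  # other <link> types are not downloaded to render the page
        full = urljoin(self.page_url, url)
        parsed = urlparse(full)
        self.resources.append({
            "tag": tag,
            "url": full,
            "third_party": parsed.hostname != self.page_host,
            "plugin": tag in PLUGIN_TAGS
                      or parsed.path.lower().endswith(PLUGIN_EXTS),
        })


def audit_page(html, page_url):
    """Return the list of resources a browser would fetch for this HTML."""
    lister = ResourceLister(page_url)
    lister.feed(html)
    return lister.resources


# Constructed sample page: three ordinary resources and one Flash embed.
SAMPLE_URL = "https://shop.example/"
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.example.net/lib.js"></script></head><body>
<img src="logo.png" alt="logo"><a href="/about">About</a>
<object data="https://media.example.org/player.swf"></object></body></html>"""
```

Calling `audit_page(SAMPLE_HTML, SAMPLE_URL)` returns four entries; the `<a>` link is absent because the browser only fetches it when clicked, and the `<object>` entry is flagged as both third-party and plug-in content.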
A great way to ensure you remain as protected as possible is to only view websites from a trusted source and check your internet browsing settings, making sure they are configured correctly to prevent inappropriate content or websites being accessed.