In its must read release of Websense Security Labs State of Internet Security, Q1 – Q2, 2009, whitepaper, Websense reveals several frightening internet trends. It seems no website is safe.
For example, Websense reveals a 233% growth in the number of malicious websites in the last 6 months. Seventy-seven percent of sites spewing malicious code “are legitimate sites that have been compromised.” Even scarier, “61% of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.” Read more…
Tip #1
Be Paranoid About Password Policies
Every website, computer user and business must develop and enforce strong password policies. Proper password procedures may not alleviate your paranoia but it will help you sleep at nights.
Use totally random passwords.
Let’s face it, many people use low-tech, easy to remember and easy to guess passwords. Some of the most common are Read more…
Tip #2
Be Paranoid About User Input
One of the most security vulnerable areas of the web today is user forms. Websites use forms for all sorts of purposes. Whether you use forms to take orders, receive contact information or allow comments on your blogs or message boards, you need to start with one unbreakable rule: Read more…
Tip #3
Keep your security patches up to date
Security patches exist because someone has discovered a flaw in your operating system, application, webform or configuration. Security patches are a must for open source and well known applications. Microsoft has the largest share of the OS market. Finding a flaw in Windows means a hacker could have access to tens of millions of networks and computers. Big find means big money. The same is true of Open Source systems like WordPress and Joomla. They are not only in wide use, but hackers can access the source code. With the source code available they can look for and test new exploits. Read more…
Tip#4
Be Paranoid About Your Identity
Bots crawl the internet 24-hours-a-day, seven days a week, looking for useful information. These bots are hungry for information and with high speed processing, low security, and unconcerned websites, they get their fill.
Social communities like facebook, MySpace and even Craigslist can provide the opportunities and the information for disaster. Identity thieves need just a little bit of data to allow criminals to reconstruct enough of an identity to get credit cards, loans or access to your bank account. Read more…
