Top 10 threats on the web 2 of 5

3. Insecure websites – XSS and CSRF attacks/malware

It’s quite hard to say which website is vulnerable and which is not. Or, if you want, you can consider every website vulnerable, because vulnerabilities such as XSS can be anywhere. All dynamic content can be a source of various security issues. But don’t be scared; just think reasonably, and if you visit only well-known websites you should be fine.

Top 10 threats on the web 1 of 5

Even today there are many web surfers who don’t pay enough attention to internet security. That should change, and in this article we have collected the top 10 issues that every common internet user should know well. Some of the following tips are often discussed on discussion boards across the web, but many readers miss the point of the problem. The next few lines should give you an easy intro to the most common web threats.

1. One password in all your web application accounts

Passwords in web applications are certainly one of the most discussed topics. Using a single password for all web application accounts is common among web users. That’s not a surprise, since one person uses tens of accounts, and remembering so many unique passwords is a challenge. But this approach has a frequently overlooked downside: if somebody got the password to any one of your web accounts, he would have the password to all of your accounts.

Simple passwords can be decrypted in a few seconds

Take a look at a random discussion board on the web. To register at one of them you usually need to enter an e-mail address, to which the activation details are sent. The problem arises if an attacker gets a dump of the board’s database with user credentials. A simple script can extract all the e-mail addresses, and the attacker can sell them to spammers. And/or he can try to decrypt all the user passwords in the database. If he succeeds, there is nothing to stop him logging in to the e-mail accounts with these passwords. If a user used the same (and simple) password for his e-mail account and his discussion board account, the attacker has the user’s e-mail account. Every task in this process is, of course, automated using simple scripts. At the beginning of 2009 something similar happened to phpBB.com, when a hacker obtained the database with over 400 000 registered users.

Useful information:
http://www.wikihow.com/Choose-a-Secure-Password