From ComputerWorld: IBM security researchers claim that hackers are hiding or masking almost all of their Web attacks. JavaScript is still the tool of choice for infiltrating Web browsers. Most users shouldn’t turn off JavaScript, especially students who use tools like webmail, WebCT and TurnItIn.com. So we rely on antivirus and Internet security software that runs on the client-side to screen out these attacks before they can be executed.
Hackers have added more tricks to their toolboxes, because the potential payoff for evading security software and infecting computers can be huge. Encryption is one such tool - hackers often encrypt their programming code so that software cannot easily identify the attack.
As IBM researcher Kris Lamb states, hackers have stopped targeting the operating system and have moved to a higher level of the application stack that runs on almost any desktop and laptop computer that connects to the Internet - the web browser.
So we come back to good old common sense as the user’s best defense against computer attacks.
- Hover your mouse over a web link and inspect the URL before clicking.
- Don’t click URLs in email messages if the links look suspicious.
- Find, install and use good security software. I recommend the free version of Avast for Windows users who need to protect their residential computers.
- If you’re not using your computer at home, turn it off. You’ll burn less energy, and hackers cannot access your computer if it’s not running.
See my earlier posts on security software and attacks from 10 June 2007, 13 August 2006 and 27 November 2005 for more information.
Tags: browser, cloud, computer, crypto, hack, IBM, Internet, Java, PEBKAC, research, search, security, software, student, WebCT
