OpenSource For You

Beware of Malicious Shortened URLs

Attackers use the shortened links, which may or may not be legitimate, to lead unsuspecti­ng users to malicious websites that are designed to attack any system using a vulnerable browser.

THE IntErnEt Is now A mInEfiElD oF mAlwArE. EvEry yEAr, HunDrEDs oF mIllIons oF nEw tHrEAts AppEAr AnD CyBEr CrImInAls ArE ConstAntly CHAnGInG tACtICs HopInG to CAtCH usErs oFF-GuArD. SHortEnED URLs HAvE BEComE populAr In rECEnt yEArs As A mEAns oF ConsErvInG spACE In CHArACtEr-lImItED tExt fiElDs, suCH As tHosE usED For mICro-BloGGInG. URL sHortEnInG sErvICEs Allow pEoplE to suBmIt A URL AnD rECEIvE A sEConD, spECIAlly CoDED sHortEnED URL tHAt rEDIrECts to tHE orIGInAl URL. AttACkErs ArE tAkInG ADvAntAGE oF tHIs typE oF sErvICE BECAusE It HElps to HIDE tHE ACtuAl DEstInAtIo­n URL.

SoCIAl nEtworks ArE A sECurIty ConCErn For orGAnIsAtI­ons BECAusE tHEy provIDE An EFFECtIvE plAtForm For AttACkErs to lAunCH tHIs typE oF AttACk. UsErs wHo sEE A lInk postED By A FrIEnD on A soCIAl nEtworkInG sItE mAy BE morE lIkEly to trust (AnD ClICk on) It, wItH lIttlE FEAr oF DAnGEr. CurrEntly, most mAlICIous URLs on soCIAl nEtworkInG sItEs lEAD to wEBsItEs tHAt ArE HostInG AttACk toolkIts.

UsInG mAlICIous sHortEnED URLs CAn BE A vEry suCCEssFul mEtHoD oF AttACk. As morE pEoplE JoIn AnD FrEtuEnt soCIAl nEtworkInG sItEs AnD tHE sopHIstICA­tIon oF tHEsE sItEs Grows, It Is lIkEly tHAt morE ComplEx AttACks wIll BE pErpEtrAtE­D tHrouGH tHEm, InCluDInG tHE usE oF mAlICIous sHortEnED URLs.

SmAll BusInEssEs ArE nImBlE, AnD tHAt CAn provIDE tHEm wItH A CompEtItIv­E EDGE In toDAy’s IntErnEt-BAsED mArkEt. AnD wItH morE AnD morE BusInEss BEInG ConDuCtED onlInE, kEEpInG your sEnsItIvE InFormAtIo­n sAFE Is morE CrItICAl tHAn EvEr.

HACkErs Do not CArE wHAt tHE sIzE oF your BusInEss Is. WHAt HACkErs Do lIkE ABout smAll BusInEssEs Is tHAt tHEy tEnD to HAvE morE monEy In tHE BAnk tHAn tHE typICAl EnD-usEr AnD FEwEr CyBEr DEFEnCEs CompArED to A lArGEr CompAny. UsInG EAsIly AvAIlABlE AttACk toolkIts, EvEn A rElAtIvE novICE CAn InFECt your ComputErs AnD ExtrACt All tHE InFormAtIo­n tHEy nEED to stEAl your BAnk ACCounts' loGIn AnD pAssworD DEtAIls, or stEAl A lIst oF your CustomEr’s CrEDIt CArD numBErs.

WE All usE soCIAl nEtworks AnD so Do CyBEr CrImInAls. THE vIrAl nAturE oF tHEsE soCIAl nEtworkInG sErvICEs mEAns tHAt tHE rIGHt mEssAGEs CAn BE sprEAD wItH lIttlE ExpEnsE. IF tHAt wAsn’t BAD EnouGH, CyBEr CrImInAls ArE prEpArInG to GEt you on your smArtpHonE AnD tABlEts. MAny BusInEssEs now HAvE EmployEEs usInG smArtpHonE­s AnD tABlEts to ACCEss CorporAtE DAtA, But HAvE not yEt ImplEmEntE­D sECurIty polICIEs For tHEsE DEvICEs. A sHArp InCrEAsE In DEstruCtIv­E soFtwArE DEvElopED spECIfiCAl­ly For tHEsE DEvICEs Is AntICIpAtE­D. HACkErs ArE AlrEADy tAkInG notE oF tHIs opportunIt­y to ExploIt A nEw mArkEt.

Everyone loves clicking on links!

THIs Just GoEs to sHow wHy soCIAl EnGInEErIn­G Is As EFFECtIvE In sprEADInG mAlwArE toDAy As It wAs ExACtly tEn yEArs AGo, wHEn tHE AnnA KournIkovA vIrus spED ACross tHE IntErnEt Almost As FAst As tHE tEnnIs stAr’s sErvE.

THE vIrus wAs so suCCEssFul BECAusE, wEll, lEt’s FACE It, EvEryonE wAntED to CHECk out tHE AtHlEtIC BEAuty’s lAtEst pICturE. In tHE EnD, tHouGH, All tHEy Got wAs A mAlwArE InFECtIon AnD A HArD lIFE lEsson: CurIosIty kIllED tHE CAt!

Building trust and securing the weakest links

Always on SSL: CompAnIEs lIkE FACEBook, GooGlE, PAyPAl AnD TwIttEr ArE oFFErInG usErs tHE optIon oF pErsIstEnt SSL EnCryptIon AnD AutHEntICA­tIon ACross All tHE pAGEs oF tHEIr sErvICEs (not Just loGIn pAGEs). Not only DoEs tHIs mItIGAtE mAnIn-tHE-mIDDlE AttACks, But It Also oFFErs EnD-to-EnD sECurIty tHAt CAn HElp sECurE EvEry WEB pAGE tHAt vIsItors to tHE sItE usE, not Just tHE pAGEs usED For loGGInG-In AnD For finAnCIAl trAnsACtIo­ns.

Extended valLdatLon SSL certLficat­es: EV SSL CErtIfiCAt­Es oFFEr tHE HIGHEst lEvEl oF AutHEntICA­tIon AnD trIGGEr BrowsErs to GIvE usErs A vEry vIsIBlE InDICAtor tHAt tHE usEr Is on A sECurED sItE By turnInG tHE ADDrEss BAr GrEEn. THIs Is vAluABlE protECtIon AGAInst A rAnGE oF onlInE AttACks.

You nEED to AvoID CompromIsI­nG your trustED rElAtIonsH­Ip wItH your CustomErs By sECurInG wEBsItEs AGAInst MITM AttACks AnD mAlwArE InFECtIon In tHE FollowInG wAys: ImplEmEntI­nG AlwAys-on SSL. SCAnnInG your wEBsItE DAIly For mAlwArE. REGulArly AssEssInG your wEBsItE For vulnErABIl­ItIEs. CHoosInG SSL CErtIfiCAt­Es wItH ExtEnDED vAlIDAtIon to DIsplAy tHE GrEEn BrowsEr ADDrEss BAr to wEBsItE usErs. DIsplAyInG rECoGnIsED trust mArks In HIGHly vIsIBlE loCAtIons on your wEBsItE to InspIrE trust AnD sHow CustomErs your CommItmEnt to tHEIr sECurIty. GEttInG your DIGItAl CErtIfiCAt­Es From An EstABlIsHE­D, trustwortH­y CErtIfiCAt­E AutHorIty wHo DEmonstrAt­Es ExCEllEnt sECurIty prACtICEs, AnD By protECtInG your prIvAtE kEys.