Murphy's Law: C-Y-A on the WWW

Posted 10/29/2009 at 10:15am | by David Murphy

0

Comments

Print

What a wonderful world that open and closed platforms have created on the World Wide Web. I can have an untold number of features and applications inserted into my Web browser without having to lift much more than a finger to access them. I can take my favorite Web platforms and expand their usefulness by linking them to other Web-based services. I can even download a variant of my Web browser of choice that bridges the best of two worlds under one new roof: new innovations mixed with standard familiarity.

So, what happens when these architectures fight back?

It's a stupid thing to say on its face, because I don't believe that it's up to a particular program or application to breach your defenses and fight its way into your cyber-life. Most, if not all instances of malware, spoofing, and hijacking (to name a few) can be directly traced to user stupidity in some fashion. Either a person leaves the ol' back door unlocked, fails to frisk the guests as they enter the home, or actively invites a heap of trouble to come on over for a party.

Simplified examples, perhaps, but the underlying fact remains a constant: You are the gatekeeper for your PC. Unfortunately, as we begin to adopt an "everyone's allowed" mindset for Web integration, we're only making it easier for the bad guys to do what they do best. Unfriendly, if not downright hostile bits of malware can be pushed back with but a few simple changes in behavior--are you as security-focused as you should be in today's cross-platform world?

Who Is Your Daddy; What Does He Do?

There's an online network for everything nowadays. And with these online networks come a flurry of registration requests and data exchanges that you feel compelled to answer. I can't count the number of Twitter invites I receive on a daily basis--just for reference, I'm not @veronica or something, but I definitely get enough email to make for a bout of mindless follower-accepting during my lunch break. That's just one platform.

It almost seems silly to type this, as it should come as Web 101 for all but the most inexperienced of users, but I'll say it anyway: Do you always know what you're clicking on? There's a reason why most programs come with a little status bar or helpful pop-up whenever you mouse over a hyperlink. One of the easiest ways to detect a potential link spoof--like, say, one that's been placed in a seemingly innocuousTwitter invite--is to hover your mouse over the link.

If the hyperlink doesn't match up with the actual site in question (like http://208.348.142.555/takin/ur/password.html versus http://www.twitter.com), then you probably shouldn't click on that link. And if you can't detect that I'm being sarcastic, and you really shouldn't click on the link, then it's too late--you've probably already clicked on the link.

Of course, if you're lazy, you could try using a helpful utility to try and make this judgment for you. Firefox's LinkExtend extension aims to do just that--protect you from sites that are trying to steal data they shouldn't. You can also check out TrendProtect for a similar safeguard. Still, nothing is as foolproof as the ol' brain-box. Don't just click accept or ignore on everything that comes in your inbox. Look before you leap, as it were.

On Page Two: The API Skeleton Key to Your Front Door and Third-Party Malware on Your Favorite Web Sites!