Website Hacks and Browser Attacks

Last week we learned about ransomware and socially engineered exploits. We learned to hang up and don’t click. We also learned that it is important to have good antivirus / Internet security software. Putting this all into practice helps your on-line security, but we have to do more to be safe.

When you cruise the Internet, you will be visiting a variety of websites that have all sorts of content: cooking, R/C boats, woodworking, just about any subject. WordPress is one of the most common frameworks for creating a website or blog, and lots of people will use a framework to build their site.

How does that affect you? Here’s an example: Bob might have an interest in cheese. He uses WordPress to design a website dedicated to cheese. And to extend the capabilities, he uses several add-ons. Did he use an up-to-date framework? Is Bob checking to see if his add-ons are secure and up-to-date? Probably not. It is likely that his website will be vulnerable to attack. Unfortunately, there are 1,000s of hackable websites like Bob’s. And hacked websites can definitely affect you.

Intelligent hackers could turn his website into something that will push malware onto other people’s computers, people like you. That malware could infect your browser or your computer directly. Maybe your browser will be hijacked and start downloading all sorts of malware. Maybe the site silently installs a key logger that records all your key strokes and then sends the information to the crooks who eventually use your credit cards or empty your bank account. Maybe the malware is ransomware, and your computer data becomes locked. The point is, hacked websites and compromised browsers can thwart computer security. That is why you can’t rely 100% on antivirus / Internet security software. You have to adopt safe browsing practices.

Keep your browser software, operating system and other software up-to-date. Many antivirus / Internet security programs feature website safety rankings; don’t click links to sites that are ranked unsafe. Hover your curser over a link before clicking to make sure it refers to the proper destination. For instance, if the link is supposed to go to the home page, say www.cheesestuff.com/homepage.html but when you hover over it, it displays www.zygiz.com/whackamole.html, it may have been hacked. Scan files before downloading. Disable stored passwords and erase your browsing history after every session online. Turn on your browser’s popup blocker. Only go to trusted websites, typically well-known commercial or institutional sites. Double check the address before you press enter, some malicious sites take advantage of misspellings in the address bar. If you can, disable cookies in your browser.

In short, be careful on the Internet. A healthy level of paranoia can help keep your computer safe from being hacked.