Exposing Vulnerabilities of websites


The Web security problem has assumed alarming proportions now that it is known that more than 1 million viruses were floated during 2007. Also, the attackers are innovating newer and stealthier techniques that tend to target end users on individual computers via the World Wide Web. Earlier there was a tendency to attempt high-volume broadcast attacks to penetrate networks.

One reason for this is that large network attacks are more likely to be discovered and sorted out, but if particular end users are targeted on their own computers or web-sites, the attack is less likely to be detected. Site-specific vulnerabilities are perhaps the most telling indication of this trend. Site-specific vulnerabilities affect custom or proprietary web-site code. These vulnerabilities are a concern because they allow attackers to compromise specific web-sites, which can then be used to launch subsequent attacks. Social networking sites are a favorite target, as a successful compromise gives attackers access to a large number of people who are likely to trust the site. These sites often expose confidential user information that can then be used in attempts to conduct identity theft or online fraud.

Security experts have been warning that these sophisticated attacks have succeeded on a larger scale than many other similar attacks. The viruses work like this: once they are installed on a Windows machine, the malicious code steals passwords, browser data, and login names for bank accounts and online games. The attack is proving hard to defend against, both for the sites being hit and for the PC users who are caught out. This is particularly true of sites that attract a lot of searches, such as web-based retail shopping sites.

Also gaining in popularity are rootkit-type viruses, which hide themselves deep inside an operating system in an attempt to avoid detection. They look for vulnerabilities in browsers, instant messaging programs, document readers and media players.

The code installs a small trojan through any one of these loopholes, then lies dormant until a user types in data that it is interested in, such as login names for online banks or games such as World of Warcraft. As yet, the trojan reinstalled on a PC is not recognised by many widely used anti-virus programs.

Much of the problem can be attributed to the web designers as well. Many of the loopholes in the coding of websites have been known to the security experts for years, but they have turned a blind eye to them, thus leaving a way open for prospective hackers to target these websites.

Ved Prakash, ITvoir network