WELCOME TO EHOST.COM.NP

Saturday, May 27, 2017

What are software vulnerabilities, and why are there so many of them?

           Add Comments   

ads space

The recent WannaCry ransomware attack spread like wildfire, taking advantage of flaws in the Windows operating system to take control of hundreds of thousands of computers worldwide. But what exactly does that mean?


It can be useful to think of hackers as burglars and malicious software as their burglary tools. Having researched cybercrime and technology use among criminal populations for more than a decade, I know that both types of miscreants want to find ways into secure places – computers and networks, and homes and businesses. They have a range of options for how to get in.


Some burglars may choose to simply smash in a window or door with a crowbar, while others may be stealthier and try to pick a lock or sneak in a door that was left open. Hackers operate in a similar fashion, though they have more potential points of entry than a burglar, who is typically dependent on windows or doors.


The weaknesses hackers exploit aren’t broken windowpanes or rusty hinges. Rather, they are flaws in software programs running on a computer. Programs are written by humans, and are inherently imperfect. Nobody writes software completely free of errors that create openings for potential attackers.


What are these flaws, really?


In simple terms, a vulnerability can be an error in the way that user management occurs in the system, an error in the code or a flaw in how it responds to certain requests. One common vulnerability allows an attack called a SQL injection. It works on websites that query databases, such as to search for keywords. An attacker creates a query that itself contains code in a database programming language called SQL.


If a site is not properly protected, its search function will execute the SQL commands, which can allow the attacker access to the database and potentially control of the website.


Similarly, many people use programs that are supported by the Java programming language, such as Adobe Flash Player and various Android applications. There are numerous vulnerabilities in the Java platform, all of which can be exploited in different ways, but most commonly through getting individuals to download “plug-ins” or “codecs” to software. These plug-ins actually contain malicious code that will take advantage of the vulnerability and compromise the machine.


Flaws are everywhere


Vulnerabilities exist in all types of software. Several versions of the Microsoft Windows operating system were open to the WannaCry attack. For instance, the popular open-source web browser Firefox has had more than 100 vulnerabilities identified in its code each year since 2009. Fifteen different vulnerabilities have been identified in Microsoft Internet Explorer browser variants since the start of 2017.


Software development is not a perfect process. Programmers often work on timelines set by management teams that attempt to set reasonable goals, though it can be a challenge to meet those deadlines. As a result, developers do their best to design secure products as they progress but may not be able to identify all flaws before an anticipated release date. Delays may be costly; many companies will release an initial version of a product and then, when they find problems (or get reports from users or researchers), fix them by releasing security updates, sometimes called patches because they cover the holes.


But software companies can’t support their products forever – to stay in business, they have to keep improving programs and selling copies of the updated versions. So after some amount of time goes by, they stop issuing patches for older programs.


Not every customer buys the latest software, though – so many users are still running old programs that might have unpatched flaws. That gives attackers a chance to find weaknesses in old software, even if newer versions don’t have the same flaws.


Exploiting the weaknesses


Once an attacker identifies a vulnerability, he can write a new computer program that uses that opportunity to get into a machine and take it over. In this respect, an exploit is similar to the way burglars use tools like crowbars, lock picks or other means of entry into a physical location.


They find a weak point in the system’s defenses, perhaps a network connection that hasn’t been properly secured. If attackers can manage to gain contact with a target computer, they can learn about what sort of system it is. That lets them identify particular approaches – accessing specific files or running certain programs – that can give them increasing control over the machine and its data. In recent years, attackers began targeting web browsers, which are allowed to connect to the internet and often to run small programs; they have many vulnerabilities that can be exploited. Those initial openings can give an attacker control of a target computer, which in turn can be used as a point of intrusion into a larger sensitive network.


Sometimes the vulnerabilities are discovered by the software developers themselves, or users or researchers who alert the company that a fix is needed. But other times, hackers or government spy agencies figure out how to break into systems and don’t tell the company. These weaknesses are called “zero days,” because the developer has had no time to fix them. As a result, the software or hardware has been compromised until a patch or fix can be created and distributed to users.


The best way users can protect themselves is to regularly install software updates, as soon as updates are available.

ads space

 

ADS SPACE

0 comments:

Post a Comment

Categories

Article How-to All Posts WordPress Android Web design Blogger Plugins CSS Google JQuery Plugins Programming Reviews Web Hosting Blogger Blogging Blogging Tips Tricks Web Development Facebook Git Internet Make Money Online Social Plugins Tips Tips and Tricks Tools Tutorials Windows WordPress Plugins Blogging Tips and Tricks Freebies GSM Google Analytics HTML How To's JavaScript Plugin Development S.E.O SEO SMS SmartPhone Social Media Tips amp; Tricks Top-Most Updates Webmaster Tools Whatsapp Applications Apps Blogger Basics Documentary Downloads Entertainment Gadgets Games Gmail Google AdSense Guest Post IPhone Make Money Blogging SVN Security Softwares Web Hosting Tips and Tricks Wordpress Tips Wordpress Tips and Tricks hostgator iOS Advertising Networks Advertising Technology Affiliates Antivirus Audience amp; Traffic Biography Blog post Blog post Blogger Blogger Errors Blogger Tips Blogger Tools Blogger Widget Blogosphere Bogger Widgets CSS selectors CSS symbols CSS3 Computer amp; Internet Content Writing Coupon Codes Data amp; Analytics Deleted blog Design DoubleClick for Publishers Email and newsletter marketting Email marketing Excel Tips Excel Tips and Tricks Facebook Tricks Feed Feedburner Feedburner subscribers Font Fun GitHub Giveaways Gmail primary inbox Gmail tabs Google sign-in Guides HTML amp; CSS HTML5 Infographics Inspirational Instagram Internet Marketing Internet Tips amp; Tricks Job Listings Knowledge Life Hacks Lists Make-Money Monetization amp; Conversion Monetize Navigation Online Marketing Other PHP Tutorials Passport Publishing amp; Content Quotes RSS Sidebar Smartphones Social Networking Status Tech Tech Blog Technology Telegram Themes UI / UX User Psychology amp; Research VB.Net Web Tools Web browser Widget Windows Tips Windows-10 ad viewability admin notice blogging tools bluehost cherry-pick clone cors custom scrollbar customizer dismissible notices duplicate post feed title git branch git clone gpg gpg2 hybridauth iPad icon font notice responsive wordpress theme same origin policy scrollbar signed git commit smartsvn theme customizer vcs wordpress theme wordpress themes

Blog Archive

Contact Form

Name

Email *

Message *

Copyright © Sync Media