boonbox

Web Threats Weekly

Online Threats "Exponentially Greater" Than A Few Years Ago

When you've got a website, protecting your organization from liability is clearly tied to protecting your customers. This is true whether you've got 200 customers or 20 million.

This week, we asked Eddie Jenkins, Manager of Information Technology at travel and medical insurance provider MEDEX Global Group, for tips on how organizations can protect their online visitors. MEDEX actually does protect 20 million customers, so they've had to incorporate some tough security into their business.

"Just to give you an idea of the challenge, we've got about 500 port scans of our website that we have to review on a daily basis," Jenkins says. "The online threats are exponentially greater than what we were seeing just a few years ago. These days security is a much higher priority."

They recommend a combination of security measures. "We use SSL encryption and don't collect any information except on our checkout page. Our website is scanned daily for hackers, checking for SQL injection or any holes in the code that would give a hacker access to our backend systems."

And organizations can do even more. "We suggest using policy certifications, and following certain compliance procedures, such as making sure you are Safe Harbor approved. In our case, we also use a certified ethical hacker to test out our applications and make sure they can't be hacked."

In the past, selling the idea of investing in security to business managers may have been challenging for some organizations, but now most businesses recognize the critical importance of protecting end-users to ultimately protect the business, Jenkins adds.

Help Beat The Hackers In 2009. Here's How You Can Help

* Let us know how your organization is helping keep its website visitors safe, and your online safety tips could be featured in the next Web Threats Weekly!

* PCIS is producing webinars in 2009 to help organizations better understand how to identify and prevent web vulnerabilities. If there's a topic you'd like us to address in our webinars, please let us know and we can put it into our webinar series.

* Call us if your organization needs help understanding how to close off vulnerabilities to SQL injection and other hacker threats.

Beat the hackers in 2009. Contact PCIS.

This Internet May Harm Your Computer

A human error this weekend affecting Google’s safe-browsing functionality tagged all websites on the Internet with the warning “This site may harm your computer”, flagging every site as allegedly infected by malware.

The people at Google fixed the problem fast. But no doubt there were quite a few business owners, webmasters and bloggers who got a nail-biting taste of what it looks like when the cyber-criminals successfully manage to get past your security.

(This article is excerpted from the Pacific Coast Informer Blog)


February 4, 2009

Web Threats Weekly is distributed by:

* Pacific Coast Information Systems Ltd.

* Boonbox, a division of PCIS


Contact PCIS

Toll-free 1.877.744.7558

In this issue:

* Online Threats "Exponentially Greater" Than A Few Years Ago

* Help Beat The Hackers in 2009. Here's How You Can Help

* This Internet May Harm Your Computer

* Hacker Bait 

* Mythbusters Tip #11

* Spam-Alot

Web Threats Weekly helps organizations protect themselves and their customers from known online threats. 


Resource Links

PCIS / Boonbox IT Security Resources Page

* Online Protection: How To Secure Your Business and Build Consumer Trust (Vancouver Board of Trade)

* Managers' Cheat Sheet For IT Security

* Subscribe/Unsubscribe Instructions below

Hacker Bait

The latest Hacker Bait list contains many famous websites, including those of businesses, social networks and non-profit organizations, that have been found to have vulnerabilities that hackers and cyber criminals could exploit.

Keep in mind that this is not a complete list of all vulnerable sites on the Internet, but only represents websites where vulnerabilities were found within the past 90 days.

These are only the latest additions to an ever-growing club of sites found to be insecure according to various public sources and online tools used in the web security industry.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Hacker Bait Sites With Vulnerabilities Discovered in Past 90 Days



Mythbusters Tip #11

“Hackers wouldn't bother with us. We aren't big enough to be worth the effort.”

This myth is based on a fairly common-sense idea: if a target is small enough to be practically invisible, the attackers will go after easier prey. But the Internet doesn't work like that.

If you've got a domain, it doesn't matter if you're Starbucks or No-bucks. You can be found online. As well, hackers now have access to tools that allow them to make simultaneous attacks on thousands of websites in just a few minutes. So the size of your online presence and the effort required of individual hackers to hit you are not really factors anymore. 


Spam-Alot

Spammers are linking to blogs, profiles and other pages on these trusted sites to give victims a false sense of security that the links can be followed safely. These sites may not have been hacked, but following the spam links to these sites and clicking on links shown there can result in harm to your computer.

If you would like more information on our data and why these sites are listed here, please contact PCIS.

Spam-Alot Websites Exploited Since Jan. 29, 2009


Boonbox and Pacific Coast Information Systems Ltd.

Boonbox is a division of Pacific Coast Information Systems Ltd., specializing in products for web security, network security, password management and data backup.

PCIS is a Vancouver-based company which provides strategic consulting, application development, technology solutions and managed services to companies and government organizations throughout North America.

HOW TO SUBSCRIBE/UNSUBSCRIBE

SUBSCRIBE: To subscribe to Web Threats Weekly, send a blank email message with subject line "SUBSCRIBE" to informer@pcis.com

UNSUBSCRIBE: If you do not wish to receive future issues of Web Threats Weekly, send a blank email with subject line "UNSUBSCRIBE" to informer@pcis.com and we will promptly remove you from our distribution list.

WE WANT YOUR FEEDBACK

Our purpose in providing this free service is to keep our clients and business contacts informed of technology developments. This information can help them resolve common problems and achieve their full potential by strengthening their business processes and infrastructure. Your input is important to us and we welcome your ideas for new features and how we can continue to improve our service to you. Send your comments and suggestions to informer@pcis.com or contact us directly at 604.844.7558.

 

Copyright © 2009 Pacific Coast Information Systems