As I rolled over in my sick bed this morning and read my usual incoming daily news messages, one messages immediately stood out: A handful of Facebook engineers had their machines hacked after simply visiting a website that itself had been compromised. In this case, the engineers had no idea that merely visiting the site, (not even downloading anything from the site) they had infected their machines. Here is a recent quote from Facebook on the matter:
"Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."
Now I hope this will really get people's attention. I posted about this over a month ago (just scroll back) and even though fixes in the form of "patches" have been made, the fixes haven't fixed all loopholes. Millions of people, billions of computers are open and subject to the security loopholes in Java. Since I posted about this, I've deleted ALL Java from my computers and haven't missed it. Yet Java is freely installed in most machines and we get weekly if not daily messages to update it. Java is built into our browsers (phones, tablets and pc's) and basically helps us view certain websites. Java is an old, old code, that in today's world has a lot of security loopholes. Steven Jobs hated Java for this very reason. Most websites use other code (HTML) now for viewing. Even if you happen upon a site that needs Java to open properly, you won't even need it, because it will open just enough for you to understand what you're seeing. For those of you who will argue "Oh but there are patches to fix that" and I argue back "Don't you think those Facebook engineers knew that, and had patches installed on their machines? And look at what happened to them? If you're as smart as a Facebook engineer, then you probably don't need to be reading this blog."
Today visiting websites is like going to a watering hole in the wild outdoors in the jungle. If the water is tainted everyone drinking from it can get sick. You don't even need to download anything. My antivirus warned me about a certain tech website that had been temporarily compromised. Thank goodness! Had I landed on that site, just by merely visiting I too could have been infected. I value my machines. I try to take care of them as often as possible. I'm sure that many of you out there value your smartphones, tablets and pc's too as well. We are compelled to protect our personal information, contacts and identity. Well, today's tech world demands that you'll need to read up and become a little more vigilant about avoiding any mistaken steps into the world of computer hacking and identity theft. Good luck! Feel free to write me back. Now back to sleep I go.
Read the link below from a fellow blogger with more detailed, technical information.
Read the link below from a fellow blogger with more detailed, technical information.
No comments:
Post a Comment