eThreats: You’re Not as Safe as You Think
You eBay. They phish. You Google. They Google hack. You surf with free Wi-Fi. They shoulder surf, gleaning confidential information from your laptop.
It’s inevitable: As long as people use the Internet, others will think of new ways to exploit and profit from it. Somehow, they are able to defy technical security countermeasures, even those that are perfectly applied.
That’s the nature of "eThreats," as explored in eThreats and Countermeasures: Just When You Thought It Was Safe to Go Out (PDF, 3.1MB). This is the sixth of eight volumes in which CSC’s Leading Edge Forum (LEF) examines digital trust, a strategy for enhancing business value while addressing information risks.
The report explores why large, successful enterprises continue to suffer attacks and breaches despite extensive investments in digital trust technologies. "Even when our digital trust dollars are spent ‘perfectly’ – we pass every audit, succeed at every development test, and eliminate all known vulnerabilities – ‘there’s nasty things wherever you look,’" says the report. It highlights four of the nastiest:
Cross-site scripting
Cross-site scripting (XSS) enables an attacker to send malicious script, manipulating the code of a Web page and changing how that page appears to the end user. The malicious script can access any cookies, clipboard text or other sensitive information retained by your browser and used with that site. To make matters worse, XSS does not simply threaten the machine you use to surf. "Researchers have discovered ways to completely hijack your Web browser, forcing it to perform all sorts of offensive activities," notes the report.
"For example, simply browsing a Web page can be enough to force your machine to launch a scan against a government computer system."
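As an added illustration (not taken from the CSC report), the JavaScript below shows two standard defenses against the cookie exposure described above: encoding user text on output and marking session cookies HttpOnly. All function names, cookie names and sample values are constructed for the example, and scriptVisibleCookies is a simplified model of what document.cookie exposes to page script.

```javascript
// Added example: constructed names and values, not from the CSC report.

// Encode the five characters that let text break out of an HTML context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": user text concatenated into markup, so any tag in it becomes live.
function renderUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>';
}

// "After": the same page fragment with the user text encoded on output.
function renderSafe(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>';
}

// Build a Set-Cookie header value. HttpOnly is on by default so that
// session cookies are never handed to script running in the page.
function buildCookie(name, value, { httpOnly = true } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'Secure', 'SameSite=Lax'];
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Simplified model of document.cookie: the browser withholds HttpOnly
// cookies from every script in the page, injected or legitimate.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !h.split(';').some((attr) => attr.trim().toLowerCase() === 'httponly'))
    .map((h) => h.split(';')[0].trim())
    .join('; ');
}

// Constructed sample input: a "comment" that carries markup instead of text.
const sampleComment = '<script>alert(1)</script>';
const headers = [
  buildCookie('session', 'constructed-session-id'),
  buildCookie('theme', 'dark', { httpOnly: false }),
];

console.log(renderUnsafe(sampleComment)); // script tag survives intact
console.log(renderSafe(sampleComment));   // script tag rendered as inert text
console.log(scriptVisibleCookies(headers)); // only the non-HttpOnly cookie
```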