DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports Events Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones AWS Cloud
by AWS Developer Relations
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Partner Zones
AWS Cloud
by AWS Developer Relations

Trending

  • Clear Details on Java Collection ‘Clear()’ API
  • Cypress Tutorial: A Comprehensive Guide With Examples and Best Practices
  • Testing Applications With JPA Buddy and Testcontainers
  • How to Handle Secrets in Kubernetes
  1. DZone
  2. Coding
  3. Languages
  4. 5 Security Threats Worse than Shell Shock

5 Security Threats Worse than Shell Shock

Rick Delgado user avatar by
Rick Delgado
·
Dec. 04, 14 · Interview
Like (0)
Save
Tweet
Share
9.14K Views

Join the DZone community and get the full member experience.

Join For Free

The tech world was in a panic recently due to security threats that were hyped up to be digital pandemics. The first big one was a bug codenamed Heartbleed, which exposed a weakness in the popular OpenSSL cryptographic software library. The more recent threat was a bug called Shellshock, which exposed a vulnerability in the UNIX Bash shell.

These issues left IT experts scrambling for solutions to patch-up holes before it was too late. For the most part, they’ve gotten a handle on things, and vendors are continuing to rollout updates. However, these recent attacks beg the question as to whether the worst is behind us, or still ahead.

Unfortunately, it seems to be the later. With newer devices, technology and software, the threats are going to change and hackers will improve. Already we see this beginning to happen. And while Heartbleed and Shellshock were pretty serious, there are other risks that could pose even greater threats to security.

Kidnapping Mobile Devices

It may sound odd, but one danger facing company security is digital kidnapping. Attackers could access mobile devices, lock them and hold them for ransom. By hacking a user’s device, like a smartphone or tablet, attackers can render it useless, unless companies pay the fee to have access restored. Depending on the importance of the data, ransom amounts could be small, or astronomical. Worse, there’s little that can be done to resolve the problem. If companies fold and pay the ransoms, it’s an open invitation for others to follow suit.

Point-of-Sale Systems

Another serious threat that has already hit major retailers, like Target, is weaknesses in point-of-sale (POS) systems. POS systems are the point at which a customer makes a payment in exchange for a good or service.The majority of retailers rely on third-party vendor POS systems, which supply many different clients at once. Should a vendor’s system be compromised, it could infect multiple retailers and their operations.

ICMP Protocol

One reason Heartbleed was so serious was it attacked the OpenSLL library used by many websites. However, there’s an even more common protocol that could be exploited. The Internet Control Message Protocol (ICMP) is the most used protocol in networking technology. It’s commonly used for diagnostic purposes or error reporting. Flaws in the protocol could allow hackers to determine if targets are online and infiltrate organizations to exploit the protocol for their own needs, like data extrusion.

In-Transit Data

Many businesses are beginning to use cloud-based services. Popular services like Dropbox and Google Drive allow great convenience and collaboration because information can be shared, stored and accessed from almost anywhere. However, there are serious security issues as well. Some services only encrypt data once it reaches the cloud, but not while it’s in transit. As users access or share information to the cloud, there is a moment where information is left unprotected and extremely vulnerable.

Android attacks

This isn’t an insult to android or its users, but one of the most likely attacks against companies could stem from Android operating systems. Over 95 percent of all mobile malware is on Android. With companies adopting BYOD policies, and the popularity of Android devices, they’re making their way into the workplace. The problem is many of these devices are built for simplicity, making them an easier target for hackers. Even worse, once infected devices are connected to company systems through Bluetooth, Wi-Fi or tethered directly, the infection can spread throughout the network.

The most frustrating element of IT security is never knowing where the next threat will come from. Technology is always evolving, and so are those looking to cause problems. And while there is no one-and-done solution, there are many things companies can do. First and foremost, they must make IT security a priority. It’s better to have a preemptive approach and avoid problems, then a reactive one. IT departments should be applying the necessary updates from vendors to ensure they are running the latest versions and aren’t taking chances with firewalls and antivirus software. Also, companies should teach and train employees in the proper IT policies. In cases like BYOD, employees need to understand the Do’s and Don'ts of using their own devices at work, and even when they’re at home. If they follow established IT rules, they’ll avoid the danger spots that lead to compromised systems. 

security IT shell

Opinions expressed by DZone contributors are their own.

Trending

  • Clear Details on Java Collection ‘Clear()’ API
  • Cypress Tutorial: A Comprehensive Guide With Examples and Best Practices
  • Testing Applications With JPA Buddy and Testcontainers
  • How to Handle Secrets in Kubernetes

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com

Let's be friends: