Networks are complex; even the simple ones can be. There are lots of reasons for this. For one, it is just mind-boggling how much engineering has to go into even the simplest network device. It would take an entire book just to describe in detail how a Raspberry Pi works, including the circuit diagrams, components, microcode, and interfaces, and a Pi is practically a trinket in computer complexity. Beyond the complexity of the devices, though, is the number of paths that lead onto the network.
A few weeks ago The Hacker News had an article about some recently discovered flaws in two popular WordPress plugins. These plugins are used by several million WordPress sites and either could be exploited to eventually gain remote code execution (RCE) on the servers. The article didn't say if the researchers did the "responsible disclosure" thing and notified the authors, giving them time to fix the problem.
In my last blog post I covered some news out of Trend Micro about malware exfiling browser login data. Trend Micro stops short of showing how to decrypt the passwords so I went looking for some code that did the deed but came up short. But I wanted it. I wanted it a lot.
Trend Micro has an article published in December that is super exciting reading if you're the sort of person who gets excited about revealing all of a user's plaintext Internet passwords during an engagement. I am just that sort of person.
You'll find a lot of companies willing to test your external attack surfaces: your website, app servers, VPN appliances, etc. (we'd happily do that too). But that is only a portion of your organization's exposure. Your internal network is attackable.
The Internet has become an increasingly integral part of our everyday lives. Consumers access websites from an array of mobile devices at all hours. When a consumer goes to a website, they expect that site to be up and performing properly.
2020 is upon us and if there is one thing humanity has learned throughout its history, it is that if one hopes to succeed in the future they must learn from the mistakes of the past. Lessons learned from episodes of website downtime are no exception to this rule.
Here at Alertra, we often tell our readers to communicate with the public whenever their websites experience downtime. We also suggest utilizing social media platforms, such as Twitter, to keep the public updated and informed. What happens, however, when Twitter becomes unreliable?
One might be lulled into a false sense of safety in terms of website downtime when we consider the advances that have been made in technology. The fact of the matter is, however, that protecting your website from downtime is more important now than ever. Yes, technology has indeed advanced and there are now more tools than ever at your disposal that can help mitigate website downtime. The question you must ask is, are you actually utilizing all the tools available to you and do you have a downtime plan in place for your website?