(The ESPN website was internally hacked last year. The hacker inserted hidden code into the website. When launched, the code overrides the website's design with several unicorn and rainbow images.)
We have lost count of the number of active websites today, at least those that matter. Perhaps we have not been alert to the fact that as the number of websites grew, so did the casualties. We are talking about the casualties of hacking.
It is clear to us now that hackers do have the capabilities to infiltrate, deface, or tear down websites. The White House, the CIA, NASA, NATO, Yahoo, eBay, and The New York Times, to name a few, have fallen prey to hacking. The web servers of even the mighty organizations and businesses of the world are vulnerable. Apparently, there is no guarantee of having a hacker-proof website.
You see, we cannot completely find fault with the way the CIA handles its security, as far as websites are concerned. They knew better. It is not so much that website owners were slack or careless. We're sure, one way or the other, the likes of NASA and NATO have taken some mandatory measures to protect their websites. But, seemingly, hackers get in the way. Hackers are up to the challenge, as if thrilled by the game.
Leave the hackers to their schemes. Let's gain a deeper understanding of the word "vulnerability." Perhaps our websites are such a delight to them. Is your website a hacker's delight? Or, what makes your website potentially 'attackable'?
These are some of the potential risks inherent in most websites:
• Hackers can find exposures in the web server or exploit bugs in CGI (Common Gateway Interface) scripts. It is best not to post nude pictures or items that might alter information on which the public relies, such as prices.
• As much as possible, you should not put anything proprietary on the web server, such as internal accounting information. Web systems containing internal data should be segregated on separate servers – a far distance from the hackers.
• Internet services, such as telnet – which gives users remote control over the computer – can open up avenues of attack. It is recommended to use the Web server only for Web services.
• If your website needs to be updated frequently, it will require access from the inside by the system administrator. That access, via telnet or another service, constitutes a potential point for a hacker to reach the Web server. This is where firewalls come in handy.
• Websites with no intrusion detection system (IDS) are vulnerable. Many IDS products have a built-in update capability to detect the newest "attack signatures" – or methods of invading Web sites – used by hackers.
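
The advice above to use the Web server only for Web services, and to treat telnet or other administrative access as a point of exposure, can be checked by comparing a host's listening TCP sockets to a web-only allow-list. The Python sketch below is an added example, not part of the original article; the allow-list of ports 80 and 443, the function names and the sample lines (constructed in the column layout of `ss -H -tln`) are assumptions made for illustration.

```python
"""Audit listening TCP sockets on a web server against a web-only allow-list."""
import ipaddress

ALLOWED_PORTS = {80, 443}  # assumption: this host should serve only HTTP/HTTPS
CLEARTEXT_ADMIN = {21: "ftp", 23: "telnet", 512: "rexec", 513: "rlogin", 514: "rsh"}

# Constructed sample: state, recv-q, send-q, local address:port, peer address:port
SAMPLE_SS = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:8080 *:*
"""

def split_local(addr):
    """Split 'host:port', handling [IPv6] brackets and %interface scopes."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def is_loopback(host):
    """True when the socket is bound to a loopback address only."""
    return host != "*" and ipaddress.ip_address(host).is_loopback

def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted (port, bind_host, severity) for listeners outside the allow-list."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        if port in allowed or is_loopback(host):
            continue  # expected web service, or not reachable from the network
        # Cleartext remote-control services such as telnet rank highest;
        # anything else (e.g. SSH for updates) needs a firewall rule review.
        severity = "high" if port in CLEARTEXT_ADMIN else "review"
        findings.append((port, host, severity))
    return sorted(findings)

if __name__ == "__main__":
    for port, host, severity in audit(SAMPLE_SS):
        name = CLEARTEXT_ADMIN.get(port, "unlisted service")
        print(f"[{severity}] port {port} ({name}) listening on {host}")
```

Listeners bound only to loopback are skipped because they are not reachable from the network; everything else outside the allow-list is a candidate for removal or for a firewall rule restricting who can reach it.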