Has the US done enough to combat malicious websites?

Sign the petition for the creation of a Department of Defense agency to combat malicious websites, website hacking, and to increase general computer security across the Internet.

http://wh.gov/lqvr8

As threats to our National  and personal security increase by means of Internet technology we have yet to face this problem with the resources, resolve, and talent, available to us. The United States has quietly stood by while terrorist groups and others have gained more victories; evidenced by recent headlines of high target site hacking. It is time for us to realize the age we live in and devote our full attention to protecting our nation from this clear and present danger.

Combat malicious websitesWhat is our greatest threat?

The number one security threat to the average Internet user and anyone with an Internet presence, by a large margin, remains website exploits of a malicious URL. A malicious URL is primarily a URL which is hacked and a known exploit is uploaded or the user is forwarded to a static malicious website, often effecting thousands by the time the hosting server administration discovers the breach. A static malicious website is a site created for the purpose of hijacking visitors with malicious code. According to the latest statistics there were close to 1.5 billion malicious URL attacks in 2012. To put that in perspective, that is 44 attacks ever second by a visitor going to a malicious URL. What this means for the average user is that there is a high likelihood of clicking on a malicious URL while on the Internet and if you're not re-directed or blocked by some level of protection your computer or mobile device will be compromised.

A never ending battle

Websites have increasingly limited the amount of vulnerabilities inherit in the software and hardware used to serve up web pages and do business on the Internet but the number of vulnerable aspects of web servers remain high and so does the chance that a casual web user will be infected by a malicious URL. Presently it almost impossible to be a hundred percent sure that the link you are about to click on is not compromised; even the sites thought to be the most secure have a number of vulnerabilities that a hacker could exploit. Recent news reports of high target site hacking confirms that there is no safe site. NBC Website Hacked, MIT Hacked, NPR Hacked, Department of Labor Hackedjust to list a few.

Secure programming code has addressed many of the vulnerabilities and software firewalls have established a good line of defense against hacking but there remains a huge abyss in online security allowing hackers a free reign on websites.

Search engines, up-to-date security software, and other security measures, help in warning users or blocking malicious sites but the interim between site detection and notification can sometimes be a long span of time. Often the gap of time between malicious site detection and the implementation of notifying and updating the databases used by the safeguarding controls can be so great that a cascading effect will compromise thousands of unaware users.

The purpose of hacking websites is as varied as the methods used to hijack website visitors and can include information stealing, cross-site scripting, and site take-downs. The motivation of hackers includes political, religious, monetary, and sometimes just for the pride of being able to do it. Regardless of the reason or motivation it is obvious that if someone uses the Internet they must use some type of security as an attempt to protect their computer or mobile device from hacking. Even if you don't keep sensitive information on your device and you are not concerned about your system stability, your computer or mobile device can used to attack other systems, once it is compromised.

The programmer's responsibility

The reality of the problem with protecting websites against hackers is that the burden is on the shoulders of the programmer. Writing code securely and preventing hackers access from easily manipulating your code is a good first line of defense. The majority of hacks use existing code and by eliminating those security vulnerabilities programmers can make it more difficult for hackers to gain control. Programmers can also be proactive in fighting cross-site scripting, ip-spoofing, sql-injection, and other vulnerabilities, by writing sound safeguards in the scripts and code used to deliver web content. While it true that a vulnerability may not be known until it is exploited there are a number of ways to analyze your code and there are also ways to expedite the fixing of uncovered security holes. Programmers should be as earnest as the hackers are at finding security flaws in your code. This includes OS software, database software, server security software, and all the connected and integrated software needed to run a web server and the coding used to deliver the content of a website.

Government's responsibility

It may be time for the Government to take more of a role in protecting its citizens, businesses, and institutions, from attacks by cyber-criminals and terrorists. The Internet is constantly evolving and the Nation, as a whole, is more and more dependent on Internet driven technology. Our world is not the same as it was twenty years ago but our attitudes appear stuck when it comes to facing the challenges of today's technology. Why do we not already have a separate Department of Defense agency whose sole focus is computer intelligence and security? This should already exist as a separate Department of Defense agency because the wars of tomorrow will be fought on the battleground of computer coding. We expect any threat to our National security and well-being be met with equal or greater force and defense whether it is by land, sea, or air; so the same should be true about computer and Internet threats which could also destroy our National security and well-being.

If you feel the United States has not done enough to currently defend us and to adequately equip itself with the tools, information, resources, and programming technology to fight against the inevitable future of threats we face via Internet technology please show your concern by signing a petition for the government to create an agency solely devoted to this purpose. Go to http://wh.gov/lqvr8 and sign the petition for our government to create an agency devoted to protecting us from Internet attacks.

 

by Jim Atkins 'thedosmann"

 

Memphis Web Programming


Sitetags: