I am not one for running around like a headless chook at the first sound of a threat on the internet or a virus, Â trojan et al.
Butt I am seriously concerned about something that has been around for a while but with some other happenings seems to be something to take more seriously. That is malware (or spyware) being inserted into traffic and then been loaded into your browser by third parties. Given that browsers and operating system are just as likely to have large security holes that allow things to happen it is not inconceivable that by inserting some JavaScript, Flash or other assets into a data stream that you would find your system infected with a number of nasty widgets.
Unfortunately it would seem that the US NSA is already doing this and if they can do it then any government can/will and it is not a stretch then for organised crime to infiltrate a main data centre and also inject traffic into information that you are downloading from a totally different site. See the article at IT News Australia or just do a few google searches if you understand the way the internet works even a little you will have your breath taken away!
Ultimately, the message is clear: nobody, not businesses, governments, or individual users should ever use non-encrypted communications over the internet for any purpose be it web browsing, service or social media logins or webmail.
Read more:Â IT News Australia
Now, I hear the bloke up the back say that browser are ‘sandboxed' from your main system and that the risk is really slight. Well let's have a think.
- You could be downloading some software from a trusted source for installation the file could be modified and/or replaced without you knowing.
- Using security holes (nah there aint any of them are there!) your browsers behaviour could be changed so that private information is sniffed by the people wanting to know these things
- Information could be easily planted onto your computer that could make you out to be a criminal, paedophile files could be placed into your browser history easily which could then be discovered by a search warrant.
- Your credit card numbers, including pins, CCV etc easily sniffed
- Passwords .. well you do know that they go up to the remote in plain text by default huh
So for my sites I have purchased SSL certificates so that all communication is secure to/from Jenolan. Standard SSL certificates are now pretty cheap (try SSLS) from now on if a site aint secure you should think about telling them to wake up or don't visit them! Watch yah back.