by Calvin M
*Note: I noticed one of my fellow classmates also read the same article, so I am writing about the part he didn’t discuss to avoid any confusion about plagiarism.
Juliano Rizzo and Thai Duong are security researchers who have built a tool that can retrieve authentication tokens and cookies from websites’ HTTPS requests; these can be used to get people’s personal information and private, server-side information from the websites. Last year, these two researchers were able to figure out how some people were able to attack ASP.NET web applications in a way that could also retrieve people’s personal information and other data. This vulnerability is apparently present in about 25% of web applications using ASP.NET. Because of this vulnerability, Microsoft had to release an emergency patch, which fixed this vulnerability in the web applications.
It’s amazing how easy it is to obtain private information from the internet. Websites that we trust to be 100% secure because of the type of information we input in these sites could have been one of those ASP.NET sites that could be easily attacked. To think about it, 25% is a VERY significant percentage of vulnerable websites. That means 1 out of every 4 sites that used ASP.NET were vulnerable to these attacks. Again, this makes me very cautious about the information that I put out on the internet. Sure, Microsoft may have issued patches for this vulnerability, but like people always say, “if there’s a will, there’s a way.”
I don’t believe that any web application can be 100% free of vulnerabilities. How many times have there been reports of viruses attacking email accounts, or even web applications? I do like the convenience of having a lot of services online now such as banking, bill paying, and shopping, but how safe is it when I enter a credit card number or my address on a website? This makes me think a lot about how hard web developers have to work to try not to create vulnerabilities in their websites that can allow attackers to easily access their customers’ information. While building my site for this class, I can’t help but think how easy it could be to write a few lines of code that end up being weak links, creating an opening in my site for attackers to penetrate my customers’ and even my own information.
God, the internet is such a scary, wonderful thing.
*Journal Article 3 out of 3*
Schwartz, M. (2011). Https vulnerable to crypto attack. Informationweek-Online. Retrieved from http://search.proquest.com/docview/892938428?accountid=10357 (ABI/INFORM Complete)