Posted by: Amker
« on: 18. September 2007., 17:14:09 »I think that this is all that hackers have been waiting for. Widgets are pretty popular and people like them (I consider this type of applications useful myself), so the disclosure of vulnerabilities in this type of software means that hackers will have a lot of opportunities to be successful in their deeds. But this thing goes for
anything that is popular – when a lot of people have a certain software and a flaw is disclosed, this means
that hackers have a lot of targets from which to pick, and of course, they choose only the most vulnerable ones.
In any case, I’m not saying here that all widgets are vulnerable, it’s just that a report from Finjan states that Microsoft and Yahoo are known to have security issues with these applications. "As Widgets become common in most modern computing environments – from operating system to web portals, their significance from a security standpoint rises."
According to Finjan CTO Yuval Ben-Itzhak, "Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and thus should be developed with security in mind. This attack vector could have a major impact on the industry, immediately exposing corporations to a vast array of new security considerations that need to be dealt with. Organizations require security solutions capable of coping with such a changing environment with the ability to analyze code in real time, and detect malicious code appearing in innovative attack vectors to provide adequate protection."
Now, don’t panic, as usual, caution is one of the first rules in security. All you need to do is be careful what you download. Don’t get your widgets from non-trusted 3rd party developers. If they seem fishy, just Google search them and see what people on forums have to say about them. Some widgets may be more vulnerable than others, in particular those that require RSS feeds. I know you probably love those best as they can give you a lot of useful info, but those are just the facts.
Also, these are not critical for businesses, that’s why if you can, you should ban the whole lot of them on your corporate network. Maybe this will slow the working process a bit, but it will certainly take down the risk of being hacked.
(Copyright by SoftPedia)
anything that is popular – when a lot of people have a certain software and a flaw is disclosed, this means
that hackers have a lot of targets from which to pick, and of course, they choose only the most vulnerable ones.
In any case, I’m not saying here that all widgets are vulnerable, it’s just that a report from Finjan states that Microsoft and Yahoo are known to have security issues with these applications. "As Widgets become common in most modern computing environments – from operating system to web portals, their significance from a security standpoint rises."
According to Finjan CTO Yuval Ben-Itzhak, "Vulnerabilities in widgets and gadgets enable attackers to gain control of user machines, and thus should be developed with security in mind. This attack vector could have a major impact on the industry, immediately exposing corporations to a vast array of new security considerations that need to be dealt with. Organizations require security solutions capable of coping with such a changing environment with the ability to analyze code in real time, and detect malicious code appearing in innovative attack vectors to provide adequate protection."
Now, don’t panic, as usual, caution is one of the first rules in security. All you need to do is be careful what you download. Don’t get your widgets from non-trusted 3rd party developers. If they seem fishy, just Google search them and see what people on forums have to say about them. Some widgets may be more vulnerable than others, in particular those that require RSS feeds. I know you probably love those best as they can give you a lot of useful info, but those are just the facts.
Also, these are not critical for businesses, that’s why if you can, you should ban the whole lot of them on your corporate network. Maybe this will slow the working process a bit, but it will certainly take down the risk of being hacked.
(Copyright by SoftPedia)