There Are Just Too Many Vulnerabilities

in #busy6 years ago

Vulnerability 2.png

As an I.T. professional the main source of my technical knowledge and skills is through the internet. There's no better place to hone your skills and gain more knowledge by reading technological articles from the internet.

As time pass by, after more than a decade of working as an I.T. I have found out that there's just too many vulnerabilities present in software and hardware that we use today.

Once a vulnerability is found by security researchers in a software they will disclose it then it will be patched by its developers then another vulnerability will again be found.

It's a never ending cycle of disclosure and patching by security researchers and developers.

Ever since I started working as an I.T. more than a decade ago I always make it sure that I can read some technological articles everyday hoping that it will further hone my craft.

By browsing the internet and reading articles across different websites everyday I have found out that almost everyday there is going to be some vulnerabilities that are going to be found on a certain software by some security researchers.

With that premise it has led me to a conclusion that there's no perfect system or software or hardware. It has also led me to think that intruders or hackers are willfully getting in and out of our computers everyday without our knowledge.

This has also led me to think that our only hope of not getting hacked is when we don't offer big money payout to hackers with the exception of ransomware of course.

Ransomware doesn't need the victim to be wealthy. If you are unlucky enough to receive an email that contains a ransomware payload you'll be in a great danger.

The Vulnerabilities

Few weeks ago researchers have discovered vulnerabilities in Intel and AMD processors. When the vulnerability is exploited attackers or hackers can gain sensitive data from victims.

As an I.T. this is the first time that I heard of a flaw to Intel and AMD processor. Before, I thought that processors are "vulnerability free" until the Specter/Meltdown vulnerability was found on Intel processors.

I know that a computer can be compromised by way of its hardware but not on the processor itself until I heard about Specter and Meltdown vulnerability on Intel chips.

Also, few months ago there are also vulnerability that was found out by researchers on AMD processors that are categorized into four classes namely RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY.

Those vulnerabilities if exploited the attackers can gain access to the victims sensitive information stored on the computer.

With those news that I come to encounter on the internet it has led me to think that every software and hardware that we used today have some form of vulnerabilities. They are just waiting to be discovered.

That's not all, there are also vulnerabilities found on browsers such as Chrome, Firefox, Edge, Safari and Opera in the past.

Microsoft is also not immune to vulnerabilities. Take Windows for example, several vulnerabilities were found and patched and it may not be the last.

Our mobile devices are also not immune. Reports of hacking and vulnerabilities were also reported in the past and certainly be not the last.

Cellular and SMS Technology Vulnerability

Our cellular network is also not immune to vulnerability. SS7 or Signalling System 7 is the technology used by telecoms companies around the world to make calls and text around the world.

Few years ago researchers did perform a proof of concept in intercepting a message sent to your mobile device using SS7 technology. The proof of concept involved a US senator's mobile device to intercept his incoming message.

I know, I know, you are surprised, right? Are you feeling paranoid now? There's more.

Ever wonder how the US Government tracked down Osama Bin Laden? It was through a single phone call made by his so called "super courier" and the rest is history.

Banking Vulnerability

With that premise, it is only normal to hypothesize that our banking system is not immune to vulnerability, attacks or hacking.

Few years ago bank hacking was reported and the attackers stole millions of dollars then the attackers transfer it from bank to another bank across different countries.

Conspiracy Theory

With all those that I read in the internet I have come to one "Conspiracy Theory" that may give you shiver.

Do you think that our banking system haven't had any single security breach? I think there were breaches everyday. But why it doesn't come out on the news?

The answer is simple, if banks allowed it to come out on the news it will hamper their business and the bank itself. So they make it sure that it will not go out at all costs because banking is a big business it is simply one of the fundamental backbone of a country.

Why at all cost? If your bank is hacked and it came out on the news the next day, would you still be going to deposit your money with them? I think not. I would withdraw all my money then deposit it to other bank, plain and simple.

If a banking system breakdown it may bring down the whole country. I believe breaches were always present on banks on a daily basis by a simple reason, bank is money. And they are the best source of money than anywhere else.

It's just they have those contingency plan that the money can always be recovered if ever it goes out of the bank or outside the country where the banks is based.

Believe me, banks around the world got each other's back whenever an unwanted transfer from their banks to another bank ever took place. They simply revert the transaction or freeze the money and that's it.

The only problem for banks is if the money is already been withdrawn in cash. In that case going after the money can be hopeless at times.

If the fraudulent money transfer has not been withdrawn in cash by a person it is 100% that it can be recovered. That's how banks works.

Again, our best hope from being attacked or hacked and have our sensitive information fall into malicious actors is that when we do not offer any gains for them.

That's it for now guys, have a nice day. Good day and take care to all of us.

How I came up with this article

The Hacker News

If you are subscribed to this website you will be surprised on number of vulnerabilities that are coming out on a daily basis.

hackerone

If you want to dive into the field of vulnerabilities head on to HackerOne. hackerone is a bug bounty program designed for security researchers.

On hackerone software owners will award certain amount of bounty to researchers if they found any vulnerability on their software.

Example of prominent companies that offer bounties on hackerone are Uber, Snapchat, Dropbox, Coinbase. Facebook, Google and Microsoft have their own bug bounty program.

Head on to Facebook Bug Bounty for more information on the platform's bug bounty program.

Read this article on how to submit vulnerability on Microsoft products.

For Google products read this article for more information about their bug bounty program.


I am an I.T. professional (Computer Engineer) working in a private company, a blogger, a father and a husband.

Jhon Steemit.png

SmartSelect_20180410-190656_Gallery.gif

Vote @curie @steemgigs @arcange @ausbitbank @busy.witness @cloh76.witness @dragosroua @utopian-io @yabapmatt as witness. Instruction: To vote go to https://steemit.com/~witnesses then type steemgigs at the vote section then click VOTE. If you want @surpassinggoogle or @ausbitbank as your proxy in witness voting type surpassinggoogle or ausbitbank in the proxy section then click SET PROXY.
20180226_191750.jpg

afterglow.png

Sort:  

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by afterglow from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews, and netuoso. The goal is to help Steemit grow by supporting Minnows. Please find us at the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.

If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP.
Be sure to leave at least 50SP undelegated on your account.

Coin Marketplace

STEEM 0.20
TRX 0.25
JST 0.038
BTC 97445.74
ETH 3477.06
USDT 1.00
SBD 3.16