Leave a comment

Flaw hits 12 million websites: Beware where you browse!

Flaw hits 12 million websites: Beware where you browse!

Most websites you visit - including mine - are running some kind of content management system. A CMS makes it easy to update content on a website without having to edit the site's code directly.

Trust me; when you're posting more than a dozen new pages every day, it's a lifesaver.

There are hundreds of CMS options, but one of the most popular is the free Drupal. It's estimated to be on nearly 6% of all websites, or around 12 million.

That means if it runs into problems, a lot of websites are going to be in trouble, and that's just what happened earlier this month.

Drupal discovered a serious flaw in the Drupal 7 code that could let hackers modify or even take over a site. It rushed out a patch on October 15 to fix the problem, but within seven hours hackers were already launching automated attacks against Drupal-based websites.

Drupal is now telling site owners that if they failed to upgrade within seven hours of the patch appearing, they should assume their site is compromised. Not many websites update their systems that quickly, so millions of sites are at risk.

For you, this means you have to make sure your computer is as secure as possible. You don't know which sites you visit run Drupal or something else, so avoiding certain websites isn't an option - my site doesn't run Drupal if you were wondering.

When hackers get access to a website, they'll add links to malicious sites and programs, slip in malicious ads or even put automated attack code on the legitimate site itself. These attacks affect computers that haven't installed regular updates.

You always want to make sure Windows, your browser, Adobe Flash, Java and other key programs have the latest updates. You also want to be running up-to-date security software to warn you about malicious programs that might try to install.

If you set up an account on the compromised site in the past, the hacker will have access to your email address and password. Again, this is why I tell you to create one password per website. Click here for my secret to making strong, unique passwords.

With all the data breaches happening, it's likely you've changed your passwords recently, and hopefully made them unique. If you haven't, and you like to use one password everywhere, now is the time to start changing them.

Hackers could also use the compromised site's mail system to send you legitimate-looking phishing emails with malicious links. If you're used to getting mail from the site, it's going to be very hard to spot a fake.

Here are some things to look for in a fake email, but generally avoid clicking links that have to do with your account or that would ask for other sensitive information. Visit the site directly to take care of things like that.

Next Story
View Comments ()
Your last chance to get Windows that you actually like
Previous Happening Now

Your last chance to get Windows that you actually like

Instantly make any photo a fun or scary Halloween picture right now
Next Happening Now

Instantly make any photo a fun or scary Halloween picture right now