How To Flush Your Business Down The Tubes In A Few Minutes

Starting and running a small business can be fun, after all you control your own destiny. Another way to say this is you are now responsible for ABSOLUTELY EVERYTHING.

That's ok you say, I'm smart, I'll figure it out as I go along.

This is a pretty good method for some things, after all you can't possibly know everything all at one, but for some things, this could mean the end of your business in just a few minutes!

Let's pretend just for a moment:

Imagine you are about to meet with an very important potential client, before you leave home you do some last minute checking and discover to your horror that there is something horribly wrong with your laptop - it doesn't boot up normal, in fact from what you see on the screen, it doesn't boot at all.

But you're smart right? So you reschedule the appointment and bring your laptop to your favourite friendly trusted computer specialist.

Then you get the call - your laptop has been hacked. Your data is gone! Your friendly computer geek, as good as she is, can not tell you if your data was sold, stolen, made public or just destroyed.

Your data is gone! Everything! Months of work have been lost! This can't get any worse! (Yes it can)

Did you have any customer sensitive information on your laptop; credit card numbers, bank account info or even just some frankly unflattering notes you made that were intended to be private?

Is this scenario really possible? How likely is it to happen? What can I do to prevent such a career ending nightmare? (very intelligent questions to ask by the way)

Take a look at this video discovered recently on the BBC, it's a live demonstration of hacking into a laptop, turning on the webcam and accessing every file on the computer.

This demonstration is possible because of two things:

  1. A compromised website that was visited (do not even need to click on anything to get into trouble).
  2. The laptop used to browse to the website was running software that had not been updated.

Here is the video, after you have watched it we can discuss it further.

In order to perform the demonstration, Mr Johansson had to 1st find a comprised website. In reality he would have likely created a website, that had some vulnerabilities built into it.

This is also what the hacker would likely do, create a website with vulnerabilities and put something on the website that you wanted. Remember their goal is to just get you to view their website, they don't even need you to click on anything to get infected (pretty scary eh?).

The 2nd piece that Mr Johnansson needed was a target machine, like your laptop for instance, that did not have its software components updated. In the example the component was Java, but it could have just as easily been the Operating System that had not been updated recently or maybe even the browser that was lacking an update.

The 3rd piece that was needed is the victim. Someone actually had to browse to the compromised website.


How Can I Prevent This?

(short answer, keep your software components updated)

I would love to be able to say, do this, this and this and you are absolutely covered - but that's just not the case.

In this example, if the Java component on the target machine had been up to date, the hack would have failed. It's important to note that this was just one hacking example on one piece of software, the demonstration could have easily involved an Operating System that was not up to date or many other software components installed on your computer.


Why Does Any Of This Happen Anyway?

It really has to do with time to market, competitiveness & profit. If you wanted 100% rock solid software, the company would have to do much, much more testing as a result the cost would be much, much higher.

The problem is that if you make your software rock solid, you might have charge twice as much and take three times as long to get to market as your competitor, which as any business person knows, means you are dead in the water.

The other problem is software is not static, new features are being added all the time, with each new feature the vendor would have to go through extensive regression testing to make sure that no new vulnerabilities have been introduced. If for instance Microsoft used this approach, we would all still be running Window 95 or maybe 2000.

So the alternative to producing rock solid software is to send it out after certain amount of vulnerability testing. The amount of time they can afford to test before releasing is directly related to what their competitors are releasing. If they come out with a perfect product two years too late, who cares?

And it's not limited to any particular piece of software. Historically as Operating Systems go, Microsoft products received more attention from hackers than Linux or Mac products.

Microsoft also had the lion's share of the market compared to Linux or Mac products, so attacking the big player first would be a logical move.

However, smart phones have changed that market mix. Most smart phones run some version of Linux, so you should expect an increase in effort from the bad guys to compromise Linux systems, especially when people are now using their phones to make purchases and do banking.

The fact of the matter is any software whether it's an operating system or an installed application can be vulnerable.

It's really a game of cat & mouse. A new version of software is released and it is immediately checked by people with good and bad intent to see if there are any bugs that can be exploited. The good guys either patch the software, if they work for the company, or let the company know so action can be taken. The bad guys do something different. And with every new release the same scrutiny occurs.

If one of the good guys finds the problem before one of the bad guys and comes out with an update and you apply the update, you win.



The bottom line is, do your software updates when they are available (don't wait until later). With most software, the update process can be configured to happen automatically or to notify you so you can take action.

The longer you wait to update, the more vulnerable you are, it's that simple.

After all you don't (or shouldn't) wait until your car breaks down before having it serviced, you do the service when it is needed or risk having an expensive repair and the loss of your vehicle.

In this sense software updates are no different.


Related Articles

What You Need To Know About The Heartbleed Bug In 30 Seconds

A Word About Passwords

How Secure Is Your Small Business Network?



What We Do?

Websites 4 Small Business, designs, builds and hosts websites. We specialize in small business websites.

When it's possible, practical and cost effective, we use Open Source off the shelf software to get your site up and running fast. Our philosophy is simple:

Why reinvent the 'technology wheel' at your expense?Cave Man creating wheel

Ok tell me more,...

Who We Do It For?

On the road again
This slideshow uses a JQuery script adapted from Pixedelic
This is a bridge
This bridge is very long