Along with the birth of computing, programs or software were also born that allowed those primitive machines to operate. Although these machines processed the information in a precise way, the truth is that the programs that controlled them were of human development and design, and therefore their code was very likely to contain all kinds of errors.
Over the years, programming errors have been decreasing, thanks in large part to the fact that new programming languages are more flexible and that there is a great deal of information in print and on the Internet about how to operate them.
But unfortunately we can still find many of these programming errors when we execute a program, even the most reputed and with more work in its design, include a series of errors that its engineers are patching with updates as they are discovered or reported by its users.
Vulnerability. Informatic security
Cases such as the Microsoft Windows operating system, the Firefox or Internet Explorer web browsers and many other very popular programs often integrate deep security problems that entail problems with their normal operation, or even present “holes” through which a hacker is well Trained and experienced, he can use it to enter our PC and commit all kinds of misdeeds on it, from tampering with documents to stealing valuable banking or financial information.
What is a vulnerability?
Basically, a vulnerability is a weakness present in an operating system, software or system that allows an attacker to violate the confidentiality, integrity, availability, access control and consistency of the system or its data and applications.
These vulnerabilities are the product of failures produced by the poor design of a software, however, a vulnerability can also be the product of the limitations of the technology for which it was designed.
There are two types of vulnerabilities. The first type is known as a theoretical vulnerability, while the second type, and the one that interests the user, is known as a real vulnerability, better known to all as “Exploit”.
These exploits are known vulnerabilities in applications and operating systems that are corrected through patches or “hotfixs”. Many times it also happens that the version jump is expected to solve this type of problem, thus increasing the risk of attack. In large systems, it is possible that the solution to a vulnerability is corrected by changing some of the hardware elements that compose them.
The vulnerabilities of a software system are the cause of constant problems, since there is no month in which a security problem of this type is not made public. In this sense, there is a kind of bid to disclose vulnerabilities in a competitor’s system, which aggravates the situation for all users, since by exposing the security problem so openly, it is even exploited by hackers and cybercriminals they still did not know him. This is the subject of much debate and controversy.
Types of vulnerabilities in computing
The problem of vulnerabilities is an issue that should not be taken lightly under any point of view, since it can bring us a good amount of dangers, even if we do not use very important data or documents. This problem is really very serious, and it is studied and classified by countless companies and organizations. These same institutions were the ones who came to the conclusion that vulnerabilities can be classified into basically 4 types.
|Review||This type of vulnerability allows the spread of threats without the need for user participation.|
|Important||This type of vulnerability is capable of putting at risk the confidentiality, integrity or availability of user data, as well as the integrity or availability of the processing resources that it has.|
|Moderate||This is one of the easiest types of vulnerabilities to combat, as the risk it presents can be reduced with measures such as default settings, audits, and more. Furthermore, moderate vulnerabilities are not exploitable to their full potential since they do not affect a large mass of users.|
|Short||This type of vulnerability is really very difficult for an attacker to exploit, and its impact is minimal, since it does not affect a large mass of users.|
Each of these classifications lists the hazards of vulnerabilities according to their degree of damage. Among the most prominent vulnerabilities of today, the best known are stack and buffer overflows, “symlink races”, errors in input validation such as SQL injection, bug in the string format, session hijacking and remote code execution. , among other.
The following lines explain more clearly what each of these vulnerabilities consists of.
1. Buffer overflow vulnerabilities
This condition is fulfilled when an application is unable to control the amount of data that is copied in the buffer , so that if that amount is greater than the buffer capacity, the remaining bytes are stored in adjacent memory areas, overwriting their original content. . This problem can be exploited to execute code that grants an attacker administrator privileges.
2. Race condition vulnerabilities
The race condition is generally met when multiple processes access a shared resource simultaneously. In this sense, a good example is the variables, changing their state and thus obtaining an unexpected value of it.
3. Format string bugs vulnerabilities
The root reason for so-called format string errors is the accept condition without validating user input. This is a design error of the application, that is, it comes from careless programming. In this sense, the programming language most affected by this type of vulnerability is C / C ++. An attack perpetrated using this method definitely leads to the execution of arbitrary code and the theft of user information and data.
4. Cross Site Scripting (XSS) vulnerabilities
The most widespread use of this type of vulnerability is the technique called “Phishing”, which basically consists of the impersonation of a real website by another that is not. The user opens his favorite browser and goes to visit a site, but what really happens is that the site he is on is not the real one, with all the probabilities that his password and other login information will be stolen.
5. SQL Injection Vulnerabilities
The so-called “SQL injection vulnerabilities” occur when SQL code that was not part of a programmed SQL code is inserted or attached by some technique. This technique is used for the purpose of altering the proper functioning of an application’s database, “injecting” foreign code that allows the attacker to process data as desired.
6. Denial of service vulnerabilities
The denial of service technique is used so that users cannot use a service, application or resource. Basically what produces a denial of service attack is the loss of network connectivity of the victim of the attack due to excessive consumption of network bandwidth or resources connected to the computer system.
7. Deceptive window vulnerabilities
Without a doubt, this is one of the most well-known and common vulnerabilities among users, especially for those who have been after a monitor for some years. This technique, also known as “Window Spoofing” allows an attacker to display windows and notification messages on the victim’s computer, which generally consist of letting us know that we are winners of a prize or similar situations.
Fortunately, the more modern antivirus systems and the sharper Internet culture that computer users have now made this methodology not as efficient as it used to be.
The security issues that the vulnerabilities cause
As we have seen in dozens of publications, websites and suffered firsthand, these vulnerabilities, also known by many users as “security holes”, are a practically inexhaustible source of problems, since as we can see in the following lines, they are They appear in practically all programs, be they free, open source and commercial software.
Then, it could be considered that the simplest way to define the aforementioned vulnerabilities is that they are parts of the program’s source code that have not been thoroughly written taking into account the global security of an application, and therefore it is possible that a Hacker, or a person with a sufficient level of knowledge, takes advantage of them to compromise the integrity of a computer system, be it a mainframe or a simple desktop PC.
To learn more about this security problem, in the table below these lines we offer you more detailed information about the types of attacks that take advantage of the most well-known vulnerabilities.
|Attack type||Damage that produces|
|Interruption||The damage that an interrupt attack does is basically to make a network resource unavailable to its users.|
|Interception||Basically an interception attack allows the attacking intruder to access the information that we have stored in our system or that we are transmitting through the network to other users of the same.|
|Modification||The purpose of a modification attack is basically to intercept and manipulate the information without being authorized to do so, which causes enormous damages because the company or the user is working with data that is false due to the aforementioned manipulation.|
|Manufacturing||This type of attack is one of the most dangerous, since it has been designed to deceive the user when accessing a website that they believe is legitimate. In this case, a web page identical to an original is created, for example a bank’s site, for which the user enters personal and confidential data that are later stolen for criminal purposes.|
How to avoid being victims of a hacker through a vulnerability
The most dangerous vulnerabilities are those that allow an attacker to execute arbitrary code, which would give him the opportunity to take control of our PC, subjecting it to his wishes or requirements.
There are also cases where a software or operating system installed on a computer may contain a vulnerability that allows it to be explored remotely, that is, through the network. Therefore, an attacker connected to the Internet, by exploring such vulnerability in the software, will be able to gain authorized access to the computer where this program is installed.
These are the main and most solid solutions that we can put into practice to avoid being victims of a hacker:
- Always keep our software updated with the latest patches provided by its developers.
- Implement a firewall and know its benefits and characteristics well
- It is also a good idea not to install any program that we download or obtain from the Internet or any other source, always try to prefer applications that are recognized and have up-to-date support.
- But without a doubt, the tool that will best defend us against this threat is good security software, in the style of AVG or Avast !, two excellent applications with which we will be able to feel very safe.
How to create a security protocol to avoid being victims of vulnerabilities
As we have been mentioning , vulnerabilities are a dangerous subject that must be taken as seriously as possible. In these cases, the best we can do is maintain a security protocol, which although it sounds a bit excessive for users who only use the computer for office tasks, the truth is that it is the best way to prevent any type of incidents in relation to to the security of the data and documents that we have stored on the computer, as well as the transactions that we carry out through banks or online sales stores such as Mercado Libre or eBay.
The best and simplest security protocol that we can implement is the one that implies our control and verification of all the activities that we carry out on the computer. That is why in the following lines we will try to apply a series of security mechanisms that range from control to recovery in the event that an attack has been perpetrated.
This security policy includes protection tools such as antivirus and firewalls , but above all our attention to what we are doing. Basically, this security policy is divided into three parts:
|Prevention||Pay special attention to updating the antivirus, be attentive to the links that appear in emails, Avoid any circumstance in which we may be in danger.|
|Detection||Be sure that we have the appropriate tools to detect attacks. In this sense, it is best to use an antivirus tool that also offers us the ability to detect network intrusions.|
|Recovery||This item implies the creation of backup copies of all our documents, as well as the immediate change of all the passwords that we use for Internet services and others. Unfortunately, when a violation is detected, it is most likely that we will have to take drastic measures, and that is why the aforementioned backup copies are essential to restore the proper functioning of our activities,|
Obviously, of the three items mentioned, the two that we must pay the most attention to are prevention and detection, since once we have been attacked, data recovery can be an unpleasant and time-consuming task. perform, and we will not always be able to return exactly to where we were.
Another point to take into consideration is the forensic analysis, the purpose of which is to analyze the scope of the violation, and the methodology used. Of course, in order to use these tools we must have extensive knowledge, in order to correctly evaluate the information presented by the aforementioned forensic systems.