The Vulnerable Software
With the recent hacking on HBO plus the WannaCry and NotPetya ransomware attacks a few weeks back, you couldn’t help but ask how vulnerable a software can be.
In this world where nobody’s perfect, programs written by humans are no exception. These, too, are imperfect. Therefore, no software is completely free of errors or bugs which are cracks that are open to any hacking.
Hackers, like theives, exploit flaws found in any vulnerable software program. A flaw could be any syntax error in the code or a failure to respond to a certain request.
An example of this flaw is the SQL injection. It works on websites that query databases like searching for a particular keyword. The hacker creates a query that contains code using an SQL database programming language. If a site is not properly protected, its search function will execute the SQL command which gives the hacker an access to the database and potentially harm the website.
Another example is the vulnerability in the Java platform. Users are often victimized by downloading plug-ins or codecs. These may contain malicious code that will take advantage of the software’s vulnerability and may compromise the computer.
NOT SO PERFECT DEVELOPMENT
Software development is not a perfect process. Programmers often work on timelines set by management. As a result, developers do their best to design secure products as they progress but may not be able to identify all flaws before the software is deployed or released. Many companies release an initial version of a product and then, when they find problems (or get reports from users or researchers), they fix them by releasing security updates. They are also known as patches because literally, they patch the holes found on the system.
But software companies have to stay in business by improving their programs and selling their updated versions. As the time goes by, they stop issuing patches for the old versions.
Sadly, not all customers buy the latest software and still run old programs that might have unpatched flaws. And that is where hackers find the chance and use that opportunity to attack.
The best way users can protect themselves is to regularly install software updates, as soon as updates are available.