Yeah, yeah, I know we’ve been told countless times to keep our passwords safe, keep our software/antivirus up to date, etc. But it can’t be stressed enough, and here is another example.
By now everyone has heard about Heartbleed making big headlines this last May: the major security bug that severely compromised SSL/TLS encryption and gave hackers easy access to one’s login info. However, about 2 months prior to this, another major security issue struck. It was talked about a lot amongst techs, but it didn’t garner nearly as much publicity. This last March it was reported that around 162,000 WordPress sites had been hijacked, added to a botnet and used in one of the largest DDoS attacks ever.
I’ve heard about many websites like this being compromised all at once before. It is usually sites operating behind well-known content management systems such as WordPress. Hackers are always scanning servers, looking for anything to exploit. In this example, they scanned WordPress sites, trying to figure out what version they were using. If it’s an older version that is well known for having security flaws, then you could find yourself being put on an attack list. It is very important to keep things up to date, especially if you are using a well-known CMS platform.
In the future I can easily see a similar situation arise amongst people who are still using Windows XP. Microsoft recently stopped providing security patches for their old OS, yet many individuals and companies are still using it. For example, one of my long time friends and my mother are still using XP. I’ve sternly warned both of them repeatedly but they still don’t fully get it.
Let me just give everyone an idea of how foolish and potentially dangerous it is to keep using Windows XP and/or not manage your server. Currently I’ve been developing a server and I regularly keep it up to date, etc. Since the beginning of January, it has been attacked 6 times!! The attacker(s) didn’t even come close to putting a dent in my system, but it could’ve been a different story if I were careless. The thing is that the server has yet to be publicly launched and the hackers already know it exists.
Hackers will become increasingly familiar with Windows XP’s security vulnerabilities, and since Microsoft no longer supports it, those are security flaws that will never be fixed. So if you find yourself being IP scanned by a would-be hacker and they discover you’re still using the old OS, they will not only attack you, but they’ll know EXACTLY where to attack you…