Business bloggers must take a series of simple steps if they are
to avoid damage to their firm's reputation and potential liability
for damage to others' computers, according to IT security company
Network Box.
"More than 175,000 new blogs are created every day," said
Network Box internet security analyst Simon Heron. "Of these, 58%
are corporate or professional blogs. As the numbers grow, so do the
potential threats. As blogging pervades our lives, so too do
reports of malware delivered via Blogspot, Google’s blogging
platform, or malicious code embedded in Wordpress."
Network Box said that there are two main threats to the users of
blogs. One is a direct attack on their computers from computer code
that has been 'injected' into the blog itself.
"[SQL injection attacks] can be used to put malware onto a
reader’s computer; or to spam subscribers with a product website,"
said Heron. "Both Blogger and Wordpress have been vulnerable to SQL
injection attacks, and don’t provide enough care when validating
SQL queries."
The other kind of attack is less direct: users of the blog
publish spam in the posts section of the site, with links to
websites they control that infect a user's computer with malicious
code.
"This is where a spammer posts content advertising a product
(typically health or finance products), with a link to a website
that may contain malicious code," said Heron. "Increased exposure
also helps these spammers increase their search rankings for a
short time. Some research claims that as many as two in three
comments left on blogs are spam."
Network Box said that blog publishers should follow some simple
security steps to decrease the likelihood of their blogs infecting
readers' machines.
It said that bloggers should insist that people fill in a
'captcha' box before being allowed to post. This requires people
to look at a picture of characters and type those characters in,
and is designed to ensure that automated posts are not
successful.
Other actions bloggers should take are general security
measures, such as ensuring the password is strong and not
predictable; restricting access to control of the blog; changing
default prefixes for named elements; and using a firewall.
"Once you have your blog working, disable any error messages.
This will reduce the amount of information hackers can glean about
your blogging software," said Heron. "[And] check your blog at the
weekend. The most common time for a hacker to infect a blog is over
a weekend, when the effects won’t be seen until the following
Monday. This gives the maximum ‘window of exposure’ to the
hacker."
Network Box's advice to corporate bloggers is contained in a
guide to safer blogging. Heron said in that guide that the stakes
are high.
"Blog readers are more likely to trust something they read in a
blog they subscribe to, and this applies to clicking on unknown
links. Most of us are pretty used to sharing links to unknown sites
– YouTube videos, or photo albums shared between friends, for
example – and this can lead to complacency that hackers exploit,"
he said.
"At best, the effect is to damage the reputation of the blog
(and the blogger) and to have your blog closed down; at worst, you
could be responsible for infecting the computers of loyal
subscribers. The impact on a company’s reputation can be extremely
negative."
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice.