Looks like the Mac is finally getting what’s been coming: Mac Malware. And lots of it just recently with the Flashback infection that apparently impacted up to 700,000 Macs. We’ve all heard it from the Mac bigots: One of the main reasons I use a Mac is because of all those viruses and junk on Windows. I can understand that logic. Macs have indeed flown under the radar for years. But now that they’re in the spotlight, they’re a target for criminal hackers and others with nothing better to do.
I could wax poetic over Macs and malware but that’s not what I have on my mind. Instead, it’s all those darned WordPress sites that are un-maintained, exposed to web security threats and waiting to become a part of the web security problem. The recent version 3.3.2 update of WordPress fixes a slew of problems including Cross-Site Scripting and Cross-site request forgery. Sure, these may not be a huge problem to a local bakery or landscaper that maintains his or her web presence on WordPress. Instead, it underscores how many under-secured and flat out mis-managed WordPress-based sites there are on the web.
As the Flashback botnet has shown us, someone with an unsecured website no longer has just a personal problem. It’s creating an Internet problem. Heck, if application security only impacted people and businesses and nothing else, we’d all be out of work. The way I see it is these people choosing to ignore web security threats are creating hazards for the entire web. This is something that’s been impacting Windows systems for years. Now it’s time for Macs to get in the ring.
There’s a universal law that applies to everything we do in life and work: you cannot fix what you don’t acknowledge. Nor can you secure it. If you have your own WordPress sites, bring them under the umbrella of web security testing so you can fix the silly low-hanging fruit that’s waiting to be exploited. Acunetix Web Vulnerability Scanner can help. On top of that, look at some of the technologies like Acunetix’s WP Security plugin that help lock down and monitor WordPress and similar platforms for malware and other web security threats. Whatever you do, just do something.