Corporate bloggers urged to tighten security

Powered by SC Magazine

Network security vendor Network Box has launched a Secure Blogging Guide giving corporate bloggers best practice advice on how to avoid being hacked.

The main threats to blogs are spam left in the comments section, which could contain malicious URLs, and SQL injection attacks that could exploit vulnerabilities in Blogger and Wordpress software, according to Network Box internet security analyst Simon Heron.

"As email becomes more difficult to get exploits through, the hackers are looking for other techniques," he said.

"If you see a link in a blog you're more likely to click on it than in the email environment because there is a greater sense of trust between the blogger [and the reader]."

The guide advises bloggers to restrict user access rights, keep blogging software up to date and check blogs regularly at weekends when attacks are most likely to occur.

Network Box also urges the use of Captcha or other authentication methods in order to reduce the likelihood of spam.

Corporate blogs are increasingly used to deliver marketing messages to customers, and Heron warned that firms must secure their blogs as they would a web site in order to avoid the brand damage that could ensue from a hacking incident.

"It will negate the benefits of a blog if you push out subliminal advertising and also give your customer a virus," he added. "None of the tips in this guide is rocket science and most only have to be done once."

Copyright ©

Top Stories
How hard do you hack back?
[Blog post] Taking the offensive could have unintended consequences.
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
The big winners from Defence’s back-office IT refresh
Updated: The full list of subcontractors.
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats