The danger of third parties: ads, pipelines, and plugins
20th July, 2018 By Christopher Boyd
It may or may not be comforting to know that, ultimately, bulletproof security is out of your hands.
You can have the most locked down PC on Earth, have two-factor authentication (2FA) set up across the board, take sensible actions to protect your personal information, and read all the EULAs under the sun. You can do all this and more, and yet still end up being compromised. How? Welcome to the wonderful world of third parties.
Unsurprisingly, everything you use on a daily basis isn’t necessarily built by the same team. Companies buy off-the-shelf solutions to make technical product A send data to obscure server B. A health organisation might rely on a bespoke tool built by someone who left the company a decade ago, and nobody understands how to update the moving parts, so it gets left where it is (potential vulnerabilities and all).
A hacker may avoid going after the main software creator, instead deciding to poison the supply chain, where third-party developers congregate via fake update files.
We’ll take a look at some of the most popular types of “don’t worry, this wasn’t your fault” dangers below.
Full Article.
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.