The Captain’s Log

Pontifications of The Great and Terrible Captain Cucamunga.

Wed, 24 Apr 2024 14:28:37 EDT

Ransomware attacks are 100% avoidable.

The proliferation of ransomware attacks has not been caused by attackers becoming any cleverer. The ultimate cause is badly coded application servers: the bad code places client-supplied data in contexts where the shell interprets it. This is the cardinal sin of security failures, because it lets the attacker run programs of their choosing on the host machine.
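The mistake in concrete form, as an added illustration that is not part of the original post: a constructed client-supplied value (a hostname with shell syntax appended) is handed first to code that lets the shell parse it, then to code that passes it as a single argv element, and finally to code that also validates it against an allow-list. `echo` stands in for whatever real tool the server would invoke, so the demonstration is harmless.

```python
"""Client data in a shell context (the bug) versus argv passing plus validation (the fix)."""
import re
import subprocess

# Constructed stand-in for a value taken straight from an HTTP request.
# "; echo injected" is shell syntax that no legitimate hostname contains.
UNTRUSTED_INPUT = "example.com; echo injected"

# Strict allow-list for a hostname-like field: letters, digits, dots, hyphens.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_lookup(host: str) -> str:
    """The cardinal sin: the client value is concatenated into a command string that
    /bin/sh parses. The ';' ends the intended command and starts a second one."""
    out = subprocess.run("echo " + host, shell=True, capture_output=True, text=True)
    return out.stdout


def argv_lookup(host: str) -> str:
    """No shell involved: the value travels as one argv element, so ';' and the rest
    reach 'echo' as literal characters and no second command is run."""
    out = subprocess.run(["echo", host], shell=False, capture_output=True, text=True)
    return out.stdout


def is_valid_hostname(host: str) -> bool:
    """Allow-list check applied at the trust boundary, before any use of the value."""
    return HOSTNAME_RE.fullmatch(host) is not None


def hardened_lookup(host: str) -> str:
    """Both defences together: reject anything outside the allow-list, and even for
    accepted values never let a shell see them."""
    if not is_valid_hostname(host):
        raise ValueError(f"rejected client input: {host!r}")
    return argv_lookup(host)
```

Run the three functions on `UNTRUSTED_INPUT`: only the first one produces a second line of output, which is the attacker's command running.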

Examples of attacks that exploit this mistake are described in these blog entries.

The bad coders cannot be held legally liable because all software licenses, whether they are closed source or open source licenses, disclaim liability. The user accepts all risks.

The simple bugs that enable these attacks can be discovered and eliminated through third-party auditing. It is time for webdevs to step up and take proactive responsibility for quality control. Your bugs shouldn’t cost blameless institutions millions of dollars.

Hang your heads in shame.