10/02/2014 04:47 pm ET Updated Dec 02, 2014

Infection Point: What Shellshock Tells Us About the State of Consumer Insecurity

By Neal O'Farrell, Security and Identity Theft Expert for CreditSesame.com

Nothing's secure. Believe in that mantra and you have at least a decent chance of avoiding becoming the next victim of a data breach, PoS attack, drive-by download or any one of the other many cyber threats that stalk us all daily.

Shellshock is a reminder of that. In case you hadn't heard, Shellshock is a recently discovered vulnerability that may have left millions of web servers and other technologies vulnerable to all kinds of hacking threats for more than 25 years. It was discovered by accident only recently, yet within hours of the discovery being made public, businesses around the world reported being hacked.

Shellshock is a reminder of just how vulnerable so many technologies are, partly because of their complexity, but also because no one's bothering to check if they're really secure. And those lapses leave us all exposed to all kinds of infection threats every second of the day.

Software Vulnerabilities

Like too much unpatched software. Millions of businesses all over the world are using thousands of different software programs, some of them more than a quarter of a century old. No one knows what kinds of vulnerabilities these programs have because no one's really looking. Except maybe hackers. And in many cases, the businesses don't even know what software they have installed, who installed it and if it's ever been updated.

Infected Websites

There are also way too many infected websites. It's estimated that every single day another 30,000 websites are hacked. The main focus of the hackers is to plant malware on those websites that will in turn infect any visitors to those sites. So why go to such lengths? Because hackers have realized that many users are increasingly cautious about clicking on attachments to emails, or links in them. Hackers simply had to find other ways to spread their malware. So think about it -- the next time you visit a website, any website, will you be the next to be infected?

Infected Point-of-Sale Systems

There are too many infected point-of-sale systems. Most of us can hardly go through a single day without an encounter with a point-of-sale or PoS terminal. Whether it's shopping for groceries, filling up at a gas station or fueling up at Starbucks, PoS systems are key to commerce and our lives. Which is why they're such a massive target for hackers.

Thousands of retailers now have point-of-sale terminals that are woefully insecure. Most of them can be accessed remotely with just an admin password. If that admin password can be cracked because it's weak, or employees with access to that password don't protect it well, hackers can easily upload malware that can steal credit and debit cards.

Which is exactly what happened to Home Depot, Target, Neiman Marcus, Michaels Stores and thousands of other retailers. We don't know precisely how many stores are vulnerable, but we do know most probably are. Which means you take a significant risk just paying for anything anywhere with a credit or debit card.

Antivirus Software Not Enough

To cap it all, there's not enough infection protection. There's growing consensus in the security community that today's consumer antivirus software is not capable of detecting the increasingly sophisticated malware it's supposed to be protecting your computer from. Some studies have found that the antivirus software that's on your computer right now might only be able to detect around 10% of the most sophisticated malware -- the stuff that can really hurt you.

And to make sure your antivirus software can't detect their malware, hackers are using third-party testing services to test their malware against all the most popular antivirus programs until they're satisfied it can't be detected.

So no matter where you go, on the internet or in your local neighborhood, you're either directly vulnerable to malware infection or you're vulnerable to systems that can be hijacked by malware.

Neal O'Farrell, Credit Sesame's Security and Identity Theft Expert, is one of the most experienced consumer security experts on the planet. Over the last 30 years he has advised governments, intelligence agencies, Fortune 500 companies and millions of consumers on identity protection, cybersecurity and privacy. As Executive Director of the Identity Theft Council, Neal has personally counseled thousands of identity theft victims, taken on cases referred to him by the FBI and Secret Service, and interviewed some of the nation's most notorious identity thieves.