Yesterday we explored cases that look very simple, almost "nothing", but that may be dangerous in the future. We strongly agreed that we must always check before clicking on anything on the web. But today we might forget about it once, tomorrow twice, and the day after three times. It is our failure not to remind ourselves of that, but it is our sin not to teach it to others.
We have two responsibilities throughout this career:
- Develop web applications that are safe; and
- Educate web application users to be safe.
We may be able to easily develop secure web applications by using known web frameworks, but educating our users is a very daunting task.
1. Knowing of the Web
Not knowing what the software does (which is barely possible) and not caring what we do (which applies to most of us) can both lead us to regret. Even worse, they can also harm the community. Thus, we need to learn as much as possible about the negatives to educate ourselves and other people.
Either Google does not care or the government communicates poorly: Reddit is still listed in the search results although it cannot be accessed by default. The website has been considered invalid ever since the government blocked it eight years ago.
Netflix had been blocked by Telkom Group for four years. Regardless of their policies, I personally think Indonesian culture must be preserved. I must admit that some Western cultures just do not suit our people at all, since our country was first developed based on religion and morality (although lately many disagree or just want to revise history for political purposes). But in the end, they decided to give up and give back their "consumer rights".
The Indonesian government has been actively blocking websites that do not meet our standards, solely to save its inhabitants from catastrophe. We can access the list of domains blocked by our government at https://trustpositif.kominfo.go.id/. As of this writing, there are already nearly 1.5 million domains on the list!
Some websites may escape government supervision, but that is not what we are worried about. To better understand this situation, we need to learn about website invalidation.
The ministry has stated that the reason behind it is to provide a healthy internet to all residents with the help of community leaders. All suspicious media that do not comply with the ministry's summons within the specified time period will receive a ban on charges of negative content, which includes privacy issues, pornography, violence, terrorism, malware, phishing, provocation, slander, hate speech, and insults to national symbols.
Despite the pros and cons among residents regarding religion, morality, and law, the incident teaches us not to neglect checking carefully every piece of information we consume. When it comes to emails, we can pay attention to several things:
- A clickbait subject is one of the most successful marketing strategies to date. The majority of such emails cannot be trusted.
- An unknown sender can present himself as anyone, but his email address will tell us who he really is. That said, there was an incident in which bad guys once managed to break into the email account of a well-known company here.
- A suspicious body is the most difficult part to investigate. But once we see the pattern, we can immediately recognise it, for example by looking at the hyperlinks provided:
Is this URL valid? Are we sure that it is Facebook.com, and not one of these (please do not try to access them): www0Facebook.com, Facebook.cm, and Facebook.om? We can check the ownership of those websites at https://who.is/ anytime to find out whether the sites are owned by Facebook or not.
Are we sure that this is the second part of Naru's Exploring the Web series?
Yes, it was the temporary URL to access the draft of this article. But we need to be aware that a long URL sometimes means something bad.
How about this then?
Uh-oh, that is more suspicious. It may direct us to danger. If we cannot be sure, we should not be tempted to click on it.
Are we sure this can show a list of the latest articles from Naru?
https://dev.to/search?q=naruaika&run=<script>alert("hello");</script>
Hell, yeah! B-but wait a moment ... Okay, never mind, it is actually safe: to prevent an XSS attack, it was encoded, as we saw on the network monitor, to:
https://dev.to/search?q=naruaika&run=%3Cscript%3Ealert(%22hello%22);%3C/script%3E
The browser decoded it back afterward, though, to display it in the address bar.
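The link checks walked through above (lookalike hosts and markup hidden in a query parameter) can be automated. The following is an added example, not code from the original article; the trusted-domain list and all function names are assumptions.

```javascript
// Added example. TRUSTED and every function name here are assumptions.
const TRUSTED = ["facebook.com", "dev.to"];

// Levenshtein distance: how many single-character edits separate two strings.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Returns the trusted domain that `host` resembles without belonging to it.
function imitatedDomain(host) {
  return TRUSTED.find((domain) => {
    const brand = domain.split(".")[0];
    return (brand.length > 4 && host.includes(brand)) || editDistance(host, domain) <= 2;
  });
}

function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { verdict: "invalid", reasons: ["not a parseable URL"] };
  }
  const host = url.hostname; // already lower-cased by the URL parser
  const reasons = [];
  const owned = TRUSTED.some((d) => host === d || host.endsWith("." + d));
  if (!owned) {
    const target = imitatedDomain(host);
    reasons.push(target ? `host imitates ${target}` : "host is not on the trusted list");
  }
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  for (const [name, value] of url.searchParams) {
    // searchParams yields decoded values, so encoded markup is still caught.
    if (/<\s*script|javascript:|\son\w+\s*=/i.test(value)) reasons.push(`parameter "${name}" carries markup`);
  }
  return { href: url.href, host, verdict: reasons.length ? "suspicious" : "ok", reasons };
}
```

The `href` field reproduces the percent-encoded form shown above, while `searchParams` decodes it again, which is why the check still sees the script tag.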
Maybe someone says, "As long as it is HTTPS, we'll be safe." The myth is not true! First, large modern browsers will not accept HTTP by default. But data leakage is still a massive problem. Second, HTTPS only secures the communication data, so no one can extract any information while it is being transferred. But how about our data stored on the server? Who knows? We can only hope they comply with their own privacy policies, which we have accepted.
The number of myths will continue to grow along with the distribution of misinformation on the internet, some of which is done intentionally. The Indonesian ministry publishes about hoaxes on social media almost every day.
2. Acting to the Web
Developing web applications by no means requires understanding merely how the software and hardware should behave, but rather ascertaining how the entire system should behave, and that includes the brainware. Not only can the users change the states of the software, but the software itself can also change the states of the users.
When it comes to business, there is nothing better than an addictive web application. But developers are still humans. If only we could make a lot of money while keeping people from getting addicted to infinite scrolling or to the pleasure of getting lots of likes. Such addiction would not cause immediate vulnerabilities, but it will create long-term ones.
This applies especially to children: when they begin to realise that virtual worlds are much more fun than real life, they become more willing to trust strangers with their personal data. Even though no one has asked them, they will expose their lives to gain public attention.
The events happening on the internet are too chaotic, and too expensive to believe when we happen to choose the wrong source. There are hundreds of people thinking: if I could not penetrate Facebook, let me penetrate its users! They may have been good people once, but a little chance can change a person.
To save ourselves from negative effects that are sometimes unintentional, we need self-protection:
"Trust but verify" is a Russian proverb, meaning that we can show trust on our faces, but should verify everything.
Many people have misunderstood the checkmark next to the username or the number of likes on a post. Sadly, none of it represents the validity of a news item.
The presenter may be trustworthy, but the news is not. No matter how good he is, making a mistake in finding the right source is not surprising.
The news may be real, but the presenter misunderstood the situation. Just missing one thing can change a person's conclusion completely.
The worst is when neither of the two is right.
As information technology observers, should we remove the tick and like icons?
"Do not read comments" is quite controversial. We read comments to improve ourselves, but on the other hand, we do not like hate speech.
"Do not be popular" is more or less similar. We can share kindness with more people when we become popular. But we do not like to share meanness unconsciously, because it will be arduous to correct once it spreads.
In the end, there is no wrong advice. The only problem is how we take it with a grain of salt.
Conclusion
Web vulnerabilities are defined by two things: web engineers and web users. They can be solved by validation and verification. For web engineers, that means they choose the right technologies and implement them correctly. For web users, that means they trust the right web engineers (or companies) and use their products correctly.
There are only two reasons for cyber crime, said Onno W. Purbo, an information technology expert from Indonesia: money and lust. So, maybe if we do not have money and a good face, we can run away? Well, cyberbullying exists even without both, sometimes.
Discussion
The limitation of our knowledge and concern is perilous. Do you agree?