Tips for safer blogging

Just like many other online activities, successful blogging depends on participation, openness and sharing of content. The downside is that blog writers and readers aren’t the only beneficiaries of this philosophy.

Attackers, hackers, harvesters, phishers and spammers get their share too – by violating those principles of openness, mimicking the behaviour of legitimate users to steal traffic, information or intellectual property. Click here to download our guide to safer blogging.

1. Data theft

Your blog is ultimately a website, and could potentially be seen as an enormous database of content about an individual or their business. In addition to the personal or business information that is displayed in posts, your blog might also contain other sorts of content that can be exploited, such as pictures, video and audio files. It is important to consider what information you put onto your blog, and how you might protect it from theft.

2. Involuntary information leakage

Whether you’re blogging in a personal or professional capacity, the material you put on your blog may impact on your work. Some companies have strong policies in place around employee blogs, covering things like classified information, non-disclosure agreements, governance, risk and compliance. If you can be identified through your blog, and you talk about your work or your colleagues or your office, then you might be inadvertently sharing confidential information – check, because it’s better to be safe than unemployed!

3. Targeted attacks

Blogs may be targeted by criminals in the preliminary reconnaissance phase of a cyber-attack. For example, a business blog might reveal the size of the organisation, its employees’ hierarchy, their work expertise and IT expertise. This information might simply identify the profile of the most vulnerable employee. Criminals then use something called ‘social engineering’ to trick those vulnerable people into revealing sensitive data, such as passwords, or access codes.

On a personal blog, offering too many details and personal information could be hazardous. Adding your email address, phone number and home address, together with a picture of you smiling in front of the freshly refurbished cottage, and then promoting your big plans for that long-awaited two weeks summer holiday… well, that’s just like advertising that your house is open for burglars.

4. Vulnerability degrees

Sooner or later, all blogging platforms experience flaws and bugs, which might include log-in issues, cross-site scripting potential (where attackers can gather information you type into your blog) or Java vulnerabilities that intruders can exploit. Blogs can sometimes be attacked by malicious code hidden inside another program such as a banner ad or widget (this is known as a Trojan). The malicious code could be something as simple as a keystroke logger that records everything you type on your keyboard, and sends that information to the attacker. When you connect to the blog to post new content, this sort of Trojan could steal your username and passwords, as well as the range of data you enter when you visit other sites.

5. Spam & phishing

Once an email address is published online, there is a 98% chance that the owner will receive spam. In addition to that, if an attacker gains access to the address book the user stores within his profile, it is a certainty that the addresses will become the target of email spam waves. As part of a phishing campaign, the unsolicited messages could then be used to trick the users into revealing their log-in credentials.

6. Content alteration

Blog posts and comments, as well as video responses can be turned into unwanted adware, graffiti spam or spyware. If this problem isn’t checked, and you don’t have the right security settings, it’s possible for your whole blog to be spoofed or hijacked.

7. Malware dissemination

Many blog pages and online forums could provide an ideal and cost-efficient platform for the distribution of all sorts of online nasties - viruses, worms and bots, Trojans, rootkits, spyware, adware, grayware, rogue security software as well as other malware varieties. If an attacker is able to access an online forum or community, for example, they could easily steal thousands of perfectly valid and active email addresses. They can later employ these addresses to distribute infected files via email attachments. Or, the intruder might just append some code to each member’s page, so that when the user logs in, a bot is automatically downloaded into the system, transforming the unprotected computer into a “zombie” - a compromised machine that is part of a larger net of infected machines, called a botnet, which an attacker remotely controls.

8. Reputation

Sometimes career opportunities may be wasted because a user once posted inappropriate content on his or her blog. Just as you search the Web for details about a product, service or another person, your current or future employer would probably do some research on you too. There are number of cases when people failed at job interviews or lost their jobs because of the uncomfortable disclosures on their blogs, such as offensive comments, pictures or videos. Not to mention that the same rules apply to personal relationships.