Same old, same old

We could start to vote for the security breach of the week. We would never be shy of nominees.

What is worse, however, is that it would make no sense to vote on a corresponding security leak of the week.

Recent analysis shows that the cause is almost always a failure to implement basic security settings.

The hit list is as follows:

  • Weak or initial passwords – note that an initial password is a weak password. :-)
  • Initial passwords and weak passwords for security and administrative access – often stored in unsecured file systems accessible to anybody and their grandmother.
  • Missing security patches – average time lags until security patches get implemented range from half a year to a couple of years.
  • Running outdated software – especially software and applications that have gone out of maintenance for many a month.
  • Applications and services that run without authentication – and can be executed to anybody’s heart’s content.

The hall of shame thus can be reduced to:

  1. Insufficient password policies and their enforcement
  2. Insufficient and untimely security patching
  3. Usage of outdated software

One starts to wonder why security researchers invest time in zero day exploits and Advanced Persistent Threats…
