We could start to vote for the security breach of the week. We would never be short of nominees.
What is worse, however, is that it does not make sense to vote on a corresponding security leak of the week.
Recent analysis shows that it’s almost always a failure to implement basic security settings.
The hit list is as follows:
- Weak or initial passwords – note that initial is a weak password :-)
- Initial passwords and weak passwords for security and administrative access – often stored in unsecured file systems accessible to anybody and their grandmother.
- Missing security patches – average time lags until security patches get implemented range from half a year to a couple of years.
- Running outdated software – especially software and applications that have gone out of maintenance for many a month.
- Applications and services that run without authentication – and can be executed to anybody’s heart’s content.
The hall of shame thus can be reduced to:
- Insufficient password policies and their enforcement
- Insufficient and untimely security patching
- Usage of outdated software
One starts to wonder why security researchers invest time in zero day exploits and Advanced Persistent Threats…