Information Security News mailing list archives
Forget new threats: It's the old-school attacks that keep getting you
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 24 Oct 2011 02:01:21 -0500 (CDT)
http://www.csoonline.com/article/692274/forget-new-threats-it-s-the-old-school-attacks-that-keep-getting-you

By Taylor Armerding
CSO
October 21, 2011

Everybody in IT knows it is a dangerous world out there, filled with an endless variety of cyber attacks aimed at compromising and taking advantage of security flaws.
But there is still a persistent lack of awareness of specific threats and how best to confront them, according to Rob Havelt, director of penetration testing for Trustwave, an international provider of information security and compliance solutions.
The irony, he says, is that it is not necessarily the newest, scariest malware or hack technique that can compromise an enterprise.
"You see people get whipped up into a frenzy about the latest technique that requires all kinds of technical skill to exploit," he says, "while ignoring stuff that has been around since forever. One of the most common things we find on an internal network is bad password policy -- egregious things like 'admin' for an administrative password, or that the system administration password is blank."
Havelt wrote most of "Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests," which Trustwave members presented at SecTor 2011 in Toronto earlier this week. He says one of the things he urges IT leaders to realize is that a "tiny flaw," like a master default password for a PBX exchange, can be "blown up into something that has a serious impact."
[...]