IT Security Rewind: The Week of May 2
May 6, 2011 | Uncategorized | CyberArk
by Josh Arrington
Today marks the launch of our “IT Security Rewind” blog series, with our take on some of the week’s most significant and newsworthy industry stories. Our inaugural post highlights recent breaches and examines highly-exploitable vulnerabilities in common software and systems. Let’s take a look at this week’s Rewind:
- Above the law? When it comes to maintaining order and preserving safety, police officers are typically considered a first line of defense. Unfortunately, that doesn’t necessarily mean that their crime prevention technology is impregnable to hackers. As one security consultant proved, it is possible to exploit vulnerabilities in their equipment, specifically a police cruiser’s digital video recorder system. The consultant was able to exploit the hardcoded, default password in the system’s FTP server to gain access to the DVR’s controls and manipulate its use. Just another example in a long line of recent breaches that illuminate the vulnerabilities present in a large number of seemingly innocuous targets (think: digital copiers and scanners, video conferencing systems, and well, police cruiser cameras).
- Don’t ignore ERP: Along those same lines, enterprises beware: According to Dark Reading, another one of those often-ignored network targets susceptible to attack may be your company’s ERP system. According to the report, these systems are often ignored and left vulnerable to unauthenticated attackers who can leverage embedded credentials, like hardcoded passwords, to enter a system and steal sensitive information.
- Passwords at risk [again]: Speaking of lines of defense—how upset would you be if you proactively used a secure password storage service, but then discovered that all of that critical information may be compromised? One of those services, LastPass, is urging their users to change their network passwords after detecting a network anomaly.
No matter where or how data is stored these days, one thing is clear—you need to stay on guard.
That’s this week’s IT Security Rewind! What was your take on the news?