http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=225200102

By Ericka Chickowski
Contributing Writer
DarkReading
May 25, 2010

The rampant use of default passwords within live database environments continues to plague the security of enterprise data, researchers say.

"It's a problem that has been around for a long, long time," says Alex Rothacker, manager of Team SHATTER, Application Security Inc.'s research arm. "A lot of default passwords out there get installed when you deploy a database, you install an add-on to it, or even if you install a third-party application that uses the database."

As he puts it, the problem of default passwords lingering in the wild has built up during the years as a result of cumulative errors by both vendors and database administrators. In the past, the majority of vendors had no compunction about pushing out installers that automatically created default accounts to expedite the deployment of new databases, add-ons, or applications on top of the database.

"In order to perform some of the installation functions, they need to create database accounts, and some of them simply go and create an account and put a default password on it that's well-known to the whole world," he says.

Meanwhile, users did nothing to clean up these default accounts once installation was complete. Rothacker says the situation on the vendor front has improved considerably in recent years, but default passwords continue to be a problem for a number of reasons.

[...]

Received on Tue May 25 2010 - 22:46:22 PDT