[ISN] Forget new threats: It's the old-school attacks that keep getting you

From: InfoSec News <alerts_at_private>
Date: Mon, 24 Oct 2011 02:01:21 -0500 (CDT)
http://www.csoonline.com/article/692274/forget-new-threats-it-s-the-old-school-attacks-that-keep-getting-you

By Taylor Armerding
CSO
October 21, 2011

Everybody in IT knows it is a dangerous world out there, filled with an 
endless variety of cyber attacks aimed at compromising and taking 
advantage of security flaws.

But there is still a persistent lack of awareness of specific threats 
and how best to confront them, according to Rob Havelt, director of 
penetration testing for Trustwave, an international provider of 
information security and compliance solutions.

The irony, he says, is that it is not necessarily the newest, scariest 
malware or hack technique that can compromise an enterprise.

"You see people get whipped up into a frenzy about the latest technique 
that requires all kinds of technical skill to exploit," he says, "while 
ignoring stuff that has been around since forever. One of the most 
common things we find on an internal network is bad password policy -- 
egregious things like 'admin' for an administrative password, or that 
the system administration password is blank."

Havelt wrote most of "Earth vs. The Giant Spider: Amazingly True Stories 
of Real Penetration Tests," which Trustwave members presented at SecTor 
2011 in Toronto earlier this week. He says one of the things he urges IT 
leaders to realize is that a "tiny flaw," like a master default password 
for a PBX exchange, can be "blown up into something that has a serious 
impact."

[...]


Received on Mon Oct 24 2011 - 00:01:21 PDT