(http://www.theregister.co.uk/2011/03/16/york_uni_student_data_breach/)
This was a particularly interesting article to read but I wanted to add a little note.
In the article they quoted Aziz Maakaroun from Outpost24 as saying:
"To stop this from happening, it is vital that organisations take a more proactive approach to their security by continually scanning for web vulnerabilities which hackers find relatively easy to exploit."
I agree with Aziz, but the question most people are really going to ask is "What benefit do I really get for being proactive?"
What we need to remember is that attackers are finding issues with both newly released software and hardware as well as with older systems (legacy systems) that many people are still using.
Some of the vulnerabilities attackers are finding are easy. However, a lot of attackers will put hours of work into their exploits.
So why do we need to be proactive? Attackers are working as hard as or harder than we are. We must assume there are weaknesses in our code and find ways to identify and remove them.
However, sometimes vulnerabilities exist within modules we are using and not necessarily in the code we wrote. We must always be aware of reported issues with the third-party modules being used. The simple solution is to make sure updates are applied as soon as a vulnerability is identified and fixed.
So, recap:
Proactive - Yes
Diligent in our research - Yes
Going above and beyond our normal duties - YES!
Wednesday, March 16, 2011
Monday, March 14, 2011
Additional links
Sorry this blog hasn't turned out to be very useful yet, but I am still trying to get things set up. I wanted to post a few more links for anyone wanting to follow along.
Myspace: http://www.myspace.com/562531339
Facebook: http://www.facebook.com/pages/SecuritySnitch/158507154208289
Twitter: http://twitter.com/SecuritySnitch
Also, I have added my RSS feed to the right content area for easy access.
Thursday, March 10, 2011
SecuritySnitch News
If you are into tech security, subscribe to my RSS or Buzz feed at:
http://www.google.com/reader/shared/securitysnitch.news
https://profiles.google.com/securitysnitch.news#securitysnitch.news/buzz