Wednesday, March 16, 2011

York Uni exposes students' private info

(http://www.theregister.co.uk/2011/03/16/york_uni_student_data_breach/)

This was a particularly interesting article to read but I wanted to add a little note.

In the article they quoted Aziz Maakaroun from outpost24 as saying:

"To stop this from happening, it is vital that organisations take a more proactive approach to their security by continually scanning for web vulnerabilities which hackers find relatively easy to exploit."

I agree with Aziz, but the question most people are really going to ask is "what benefit do I really get for being proactive?"

What we need to remember is that attackers are finding issues both in newly released software and hardware and in the older, legacy systems that many people are still using.

Some of the vulnerabilities attackers find are easy to discover. However, many attackers will put hours of work into their exploits.

So why do we need to be proactive? Attackers are working as hard as, or harder than, we are. We must assume there are weaknesses in our code and find ways to identify and remove them.

However, sometimes vulnerabilities exist within modules we are using and not necessarily in the code we wrote. We must always be aware of reported issues with the third-party modules we depend on. The simple solution is to make sure updates are applied as soon as a vulnerability is identified and fixed.
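Knowing which third-party modules have reported issues is easier when the check is automated. What follows is an added example written for this note, not code from the post or from The Register article: it parses a pinned dependency list (requirements.txt style, `name==version`), compares each pin against an advisory list that gives the affected version range and the fixed version, and reports the modules that still need an update. The module names, versions and advisory ids are constructed placeholders. Versions are compared as integer tuples rather than strings, because a plain string comparison would rank `1.9.3` above `1.10.0` and silently miss a vulnerable pin.

```python
"""Dependency-audit check (added example; all names, versions and advisory
ids below are constructed placeholders, not real packages or advisories)."""
import re
from dataclasses import dataclass


def parse_version(version: str) -> tuple:
    """Turn '1.10.2' into (1, 10, 2) so that 1.10 sorts after 1.9.

    Comparing version strings directly would get this wrong ('1.9' > '1.10').
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


@dataclass(frozen=True)
class Advisory:
    """One reported issue: versions in [affected_from, affected_below) are vulnerable."""
    advisory_id: str
    module: str
    affected_below: str        # first version that carries the fix
    affected_from: str = "0"   # earliest affected version (default: all earlier ones)


def parse_requirements(text: str) -> dict:
    """Parse 'name==version' lines into {name: version}; '#' comments are ignored."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9.]*)$", line)
        if not match:
            # Only exact pins are supported here; anything else is a hard error
            # so an unpinned module cannot slip past the check unnoticed.
            raise ValueError(f"unsupported requirement line: {line!r}")
        pins[match.group(1).lower()] = match.group(2)
    return pins


def is_affected(version: str, advisory: Advisory) -> bool:
    """True when the pinned version falls inside the advisory's affected range."""
    pinned = parse_version(version)
    return (parse_version(advisory.affected_from) <= pinned
            < parse_version(advisory.affected_below))


def audit(pins: dict, advisories: list) -> list:
    """Return (module, pinned_version, advisory_id, fixed_version) for each hit."""
    findings = []
    for adv in advisories:
        pinned = pins.get(adv.module.lower())
        if pinned is not None and is_affected(pinned, adv):
            findings.append((adv.module, pinned, adv.advisory_id, adv.affected_below))
    return findings


# Constructed sample pin file and advisory list (not real packages or advisories).
REQUIREMENTS = """
# constructed sample requirements
webframework==1.9.3
imagelib==2.4.0
templating==0.8.1  # legacy pin, still in use
"""

ADVISORIES = [
    Advisory("ADV-EXAMPLE-0001", "webframework", affected_below="1.10.0"),
    Advisory("ADV-EXAMPLE-0002", "imagelib", affected_from="2.3.0", affected_below="2.3.5"),
    Advisory("ADV-EXAMPLE-0003", "templating", affected_below="0.9.0"),
]


if __name__ == "__main__":
    for module, pinned, advisory_id, fixed in audit(parse_requirements(REQUIREMENTS), ADVISORIES):
        print(f"{module}=={pinned} is affected by {advisory_id}; update to >= {fixed}")
```

Run as a script it lists the two pins that still need an update (the `imagelib` pin is already past its fixed version and is not reported). In practice the advisory list would be loaded from whatever vulnerability feed the project tracks rather than embedded inline.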

So, recap:

Proactive - Yes
Diligent in our research - Yes
Going above and beyond our normal duties - YES!
