why complacency is malware's best friend

If our grid is ever brought down by a cyberattack, the greatest contributing factor will be the carelessness and technical illiteracy of front line utility workers.

poking shark

Recently, computers at two power plants were found to have been infected by three viruses that came from compromised USBs, all three easily detectable by up to date anti-virus software, and both infections were easily preventable if the plant operators followed the simplest cybersecurity procedures. If our infrastructure was ever to be the victim of a powerful cyberattack, the exploits' success wouldn't be so much a testament to the skills of the hackers as much as they would be indictments of the shoddy practices by those who simply don't understand how to secure critical systems and don't care to learn. Very few attacks we see out in the wild are truly brand new and very sophisticated like Stuxnet, Duqu, Flame, Gauss, and Red October. Most target unpatched, poorly secured systems with easily exploitable administrator accounts or out of date servers and database engines, attacks on which have been all but automated by simple PHP scripts. If you're wondering how Anonymous can topple site after site during an op, now you know.

For example, take the pillaging of Stratfor. How did Anons get into their system? By using easily crackable default passwords and reading databses that were never encrypted. What about the huge data leak from Sony in which hundreds of thousands of accounts were compromised? An unpatched server provided a back door. Periodic leaks of credit card numbers from point of sale systems you find at local bars and restaurants? Out of date operating systems exposing admin accounts to external systems as is a typical industry practice. The ability to get into AT&T users' account just by typing the right URL? Total absence of security checks on the company's sites, checks that should've been tested before the sites ever went live. I think you get the point. Keep up with the virus definitions, patches, updates, test your software, don't let external systems run as administrators on your network, and don't stick random USBs into mission critical computers. If you don't follow these elementary practices, you, quite frankly, are begging to be infected and hacked, and considering that we basically live on the web today, that's just reckless.

  archived from wowt
              
# tech // anonymous / cybersecurity / hacker / hacking


  show comments
latest reads

how to endanger the future of space flight for status and profit

CEOs and space faring powers are treating low Earth orbit as their personal playgrounds, much to the horror of space agencies.
how to endanger the future of space flight for status and profit

why your boss is obsessed with a.i. past the point of sanity

Not only is the C-suite not immune to AI psychosis, they seem to be primed to suffer the worst of it as their employees duck and cover.
why your boss is obsessed with a.i. past the point of sanity

why so many of us are just not that into chatbots

AI adoption is at an all time high, but opinion of AI keeps on tumbling with every poll and study on the subject.
why so many of us are just not that into chatbots

no, your chatbots aren't secretly marxists at heart

But they can and do detect and complain about unfair treatment when asked, according to an experiment by Stanford researchers.
no, your chatbots aren't secretly marxists at heart

how the right wing took over social media

Right wing content has a major advantage on social media. But we can do something about that with a very simple change in our habits.
how the right wing took over social media

no, we still don't know why t. rex had little arms

Popular science outlets continue to do a terrible job of explaining studies on primeval evolution and pretending we have answers we don't.
no, we still don't know why t. rex had little arms