Internet's Insecurities

Researchers and attackers catalog vulnerable systems connected to the Internet, from videoconferencing systems set to auto-answer, to open point-of-sale servers, to poorly configured database systems.

Source: Dark Reading, 28.12.12

Most security professionals know that they cannot hide their systems in the crowded digital landscape of the Internet, but attackers are searching for -- and finding -- systems that have been misconfigured or have default settings intended to make configuration easier. (...)

Nearly two-thirds of companies that suffered a breach in 2011 allowed hackers into their networks through poorly configured or vulnerable remote access software, according to Trustwave's 2012 Global Security Report. Verizon found a similar trend among its own cases: Attackers gained access to a victim's data by exploiting poorly configured remote access software in 88 percent of all breaches due to hacking. (...)

"There are a lot of badly configured applications and default passwords out there," says Johannes Ullrich, chief research officer for the SANS Institute.

It will get worse before it gets better. Currently, Moore is looking at the universal plug-and-play (UPnP) protocol, which allows devices to configure themselves to automatically work with other network devices. The results so far are grim, if unsurprising: Most devices are using old and vulnerable software.

 "It's surprising to see what versions are out there -- companies are shipping embedded devices using libraries that are five and 10 years out of date," he says. "It's crazy, and it's almost the most popular service found on the Internet."

How great are the challenges when infrastructure is networked over the Internet?