Thursday, April 23, 2015

INFOSEC greatest blunders

"It could have ended badly!", one might say. Today we learned that 48,000 computers at the Fukushima nuclear power plant are running the outdated Windows XP operating system, for which updates are no longer available. "It could have ended badly!" also applies to what was revealed yesterday at the RSA Conference: a vendor of sales terminals has assigned exactly the same password to all the devices it has sold since ... 1990! We'll also talk about children, and about an interesting attack used by the NSA.

A Japanese government audit has revealed that the Fukushima nuclear plant is still using the Windows XP operating system, even though it has been almost a year since Microsoft stopped updating it, which represents a serious INFOSEC risk. Unfortunately, this is not news to those who know the state of critical infrastructure around the world and know that the Japanese plant is not the exception but the rule.

We also learned of another huge blunder yesterday at the RSA Conference: one of the main vendors of sales terminals for physical stores has been assigning the same default password to its machines since 1990. The password is 166816, and the worst part is that 90% of its buyers have never changed it. This opens the door to any malicious code eager to copy the credit card data entered at these terminals.

By the way, a 9-year-old programmer was presented yesterday at the RSA Conference as an example of the next generation, which must be educated not only technically but also in values, through initiatives such as HackerHighSchool or HacKid. In the United States, a 14-year-old boy has been making headlines for days because of the disproportionate response to his computer prank: he stole his school's administrator password to play a joke on a teacher, and now he is accused of a felony punishable by imprisonment.

And we finish today, Book Day, by recommending a read that should appeal to our INFOSEC expert and hacker readers in general: how to detect the new and sophisticated "Quantum Insert" attacks, which hijack browsing sessions and are practiced by the NSA and the British secret service, as revealed by Edward Snowden.

And we have some other gifts for today, such as a gallery of hacked pages, the documentary "The Hacker Wars" and a Symantec report on web threats. We also refer our readers to the @CIGTR Twitter account to find out where to find them.
