Monday, December 7, 2015

If you have failed, react

If there is one kind of company that is compromised by security mistakes, it is the kind dedicated to cybersecurity. It's as if a car's brakes stopped working, a judge made an arbitrary decision or a lamp stole light instead of giving it. It's a crisis at every level: corporate, reputational and maybe in turnover too. Unless they react instantly, as happens in today's case. This is one of the four issues that cannot go unnoticed this Monday, 7th of December.



It was McAfee itself, part of Intel Security, that issued the warning: its enterprise-oriented product Enterprise Security Manager (ESM) has an authentication flaw at the admin level. This means that, in certain circumstances, an attacker could access NGCP, the username created by default at first installation, without the password being checked. The firm immediately published an update patch and recommends applying it without delay, but it also provides some tips in case you cannot apply the update.

You can find this information about McAfee on The Register. And we stay with the same outlet, since it also echoes a completely different but equally relevant issue, one also related to "giving answers". The state of emergency in France after the Paris attacks may be extended, and this would affect everything imaginable and unimaginable in the field of telecommunications: mandatory GPS for all rental cars, expansion of video surveillance, retention of data by carriers for two years, and even shutting down Wi-Fi connections at Parisian cafes for the sole purpose of banning shared connections. The blog itself considers that some of these measures "seem nebulous" to the point of impossibility.

These are really troubled times to stay away from cybersecurity. If you want to get into it, you have some good options: the Spanish site Redes Zone has compiled the 10 best Linux distributions for ethical hacking and pentesting, from the popular Kali Linux to lesser-known ones such as BlackUbuntu or BlackArch. The idea of these distributions is to provide open source tools to all who wish to engage in such practices, sparing them the tedious task of finding every application one by one.

Finally, as we usually do, we offer some reading for delving into this kind of topic. In this case, it is the State of Cybersecurity report, developed by the University Center for Digital Technology and Art (U-tad). It focuses on the main threats used by cybercriminals in their attacks, response techniques and estimates of economic damage, as we can read on the popular Spanish security blog Segu-Info.

None of us is safe from a crisis in our own business. But if we suffer one, the best practice is the one taught today by McAfee: react, quickly and smartly. Reading, researching and demanding extensive knowledge of these questions from the authorities are our added and increasingly unavoidable responsibilities.
