Friday, June 2, 2017

Achilles heel

Homer’s Iliad is one of the most important books of ancient Greek literature. In it, the great battle waged by the Greeks and the Trojans was related. In this book appears Achilles, a Greek warrior who was considered invincible, since when he was a child his mother immersed his body in the river Styx. However, he was being held by his heel when her mother was sinking him into the water, so that part of the body remained vulnerable. This small weakness was the cause of this death in the battle of Troy, when Paris managed to hit him with a poisoned arrow.

Thus, an invincible hero perished in combat when he was considered to be immortal. This is a perfect example of everything having its weaknesses, whether it is a heel, a bug a vulnerability. Today in our review of the week we will discover several weaknesses found in the world of cybersecurity.

Because no one is exempt from this type of vulnerability, not even the most evil malware. Some researchers have discovered several flaws in the WannaCry code. This means that taking advantage of these weak points, victims could recover their original data after the infection. Sometimes cybercriminals also screw up.

Unfortunately, those same cybercriminals are experts looking for Achilles’ heels in security systems. And there are many heels uncovered. We have been very concerned about the bug discovered in the FreeRadius authentication system. This bug allowed cybercriminals to log in without any credentials. A very serious example considering that we are talking about one of the most popular companies when it comes to offering RADIUS servers.

However, there are many that, aware of their vulnerabilities, cover their Achilles’ heels. That’s what Aruba did earlier in the week. After discovering seven vulnerabilities that could be exploited by cybercriminals, they hurried up and achieved a patch to solve the error. We also have to recognize when things are well done.

The problem is that not everyone takes security as seriously as they should. Yesterday we discovered that the US Army had stored several sensitive data on an Amazon server without any protection. We talk about access to sensitive data and credentials to reach other documents that could lead to more confidential information. If you leave the doors of Troy open wide, who needs a horse?

In the world of cybersecurity, invulnerability does not exist. No matter how invincible we believe we are, sooner or later someone will find our Achilles heel and take advantage of that weak point to get our data. For this reason, we should not be proud, but we should always be on alert and informed in order to avoid a defeat on the battlefield that is the world of cybersecurity.


Post a Comment