News / Security /

US Computer Emergency Readiness Team Issues Warning to Change Your Passwords


Today’s IP news roundup highlights some of the latest headlines in network security, virtualization and more:

  • Cyberattack attempts against critical infrastructure increase, yet many organizations still use default passwords on Internet-connected devices. According to the US Department of Homeland Security, there have been more than 200 brute-force cyberattack incidents against critical infrastructure between October 2012 and May 2013, “surpassing the 198 total attacks in all of fiscal year 2012.” More than half (53%) of these attacks have been in the energy sector. Luckily, these attacks have not been successful, but they have prompted the US Computer Emergency Readiness Team (US-CERT) to issue a warning that critical infrastructure organizations should change their passwords. The US-CERT security alert states that it is “imperative” to change the manufacturer’s password, as hackers can easily get these passwords online and find exposed systems. For more information on cyberattacks against the energy sector, see Computerworld.
  • SCADA “sport fishing” is the SC Magazine threat of the month. According to SC Magazine, “SCADA is not just a focus because of its often critical deployments, but also because performing vulnerability research on SCADA systems is easy, like 1990’s stack buffer overflow type-of-easy.” However, it may be difficult to protect yourself from attacks, as SCADA manufacturers need to put better security measures in place. For more information on SCADA “sport fishing,” see SC Magazine.
  • Here’s what you must tell management in order to get their buy-in for virtualization. Cost savings is one of the key reasons many organizations adopt virtualization. However, Data Center Knowledge states that if you want to get buy-in, you must convince management that virtualization will not be a pain to implement. The article suggests using preconfigured virtualization infrastructure, as “the planning and integration is already taken care of for you. You aren’t going to have to spend endless hours training your IT staff on the software or hardware, as it’s very easy to pick up, and most likely your IT department has more than a passing familiarity with the technology.” For more advice on how to get buy-in for virtualization, see Data Center Knowledge.
  • And finally … Google will not change its privacy policy for Glass. A few weeks ago, expertIP mentioned that Canada is concerned about Google Glass and privacy, as the technology gives people the ability to film and photograph others without gaining permission. The Canadian government, along with a number of global data protection agencies, sent an open letter to Google expressing these concerns. However, Computerworld has reported that Google is not planning to change its privacy policies at this time, although “Google says it won’t allow facial recognition on Glass until strong privacy protections are in place.” For more information on Google Glass and privacy, see Computerworld.

What is your take on today’s news? Feel free to share your opinions below.

Comments are closed.