After returning from a sabbatical in Europe, I am sharing Rod Crowder's Opscentre blog post of 8 December 2015 on Four Fatal Flaws in IT Security Flagged at Black Hat Europe 2015. Source: http://www.opscentre.com.au/blog/four-fatal-flaws-in-it-security-flagged-at-black-hat-europe-2015/#more-1674
IT security flaws are now myriad, but these four stuck out like sore thumbs at the recent Black Hat Europe 2015 conference on security. Their distinguishing feature for the most part was the massive scale on which hacking could be perpetrated, either because of the number or the size of the systems affected.
1. The first flaw comes in two different technical flavours, but concerns the same issue: PC disk encryption. Laptops with self-encrypting disks (SEDs) that go into sleep mode, instead of hibernation or full shutdown, leave their SED unlocked and vulnerable to a hacker triggering a software-level system restart. Windows BitLocker, Microsoft’s program to encrypt hard drives, could leave machines at risk from somebody with physical access. Data theft or compromise could happen on unattended office desktops or laptops in coffee shops.
2. Next is the problem of the self-driving car (like the one Google has been promoting). These vehicles use Internet connectivity and components that hackers can tamper with at a distance, causing the vehicles to fail to detect obstacles. That said, other more conventional vehicles such as the Jeep Cherokee have also been proven to offer hackers the possibility to take control of a vehicle’s steering and braking remotely.
3. Enterprise resource planning systems could be one of the next mega-targets for cybercriminals. Systems from SAP in particular apparently offer hackers the possibility to change oil stock figures to artificially change the market price of oil or trigger malfunctions in oil refineries. Given that SAP claims about 78% of all oil production depends on its software, a problem could easily take on global proportions.
4. Banking software from Temenos was also on the list of flawed products, although the security expert claiming to have found the defects also decided to withhold details for the moment. Like the HSBC problems uncovered by auditors a while ago, the flaws are said to be so serious that identifying them publicly could lead to immediate risk of attack.
Now you know which IT systems to fix in your own organisation. And the self-driving car? Try a bicycle – un-hackable, less polluting, and keeps you fitter!