Home >Blogs>Andy Pye >Time for some New Year's Resolutions?
Time for some New Year's Resolutions?

08 January 2015

Mine is very simple - never to drive in Paris again. Having had my tyres slashed and then been mugged on a Paris street in broad daylight, that's it for me. It cost me my passport, which meant that I couldn't attend the SPS Drives show, so apologies to all those I let down!

Luckily, with the help of the UK Passport Office and US Homeland Security, I was able to sort it in time for my trip to California the week after, which had also seemed in doubt. My luck was clearly on the way up, and indeed the flight back landed at Heathrow just an hour before the Air Traffic Control system went into meltdown.

It turns out that the software system used in the UK dates back to the sixties and is pretty much patched up with string. So a resolution for them perhaps to bring their software systems up to standard, like all of our European counterparts have done.

How many other software systems are similarly challenged? Maybe another resolution to contemplate for some engineers?

Another resolution would be to ensure that our software systems are secure. David Gibson, VP at Varonis Systems, commented recently on the astonishing news that Sony saved all their passwords in a folder called 'Passwords' - surely none of us do that, do we??

"In order to do security well, you need to have a good imagination," said Gibson. "These administrators started off promisingly (with the imagination of someone from the 80s): 'Gee, we have a lot of passwords. How are we going to keep track of them all? I know. Let's put them in files in a folder on the file server called "passwords" that only administrators have access to. That way we don't need to remember them, we'll always know where to find them and everyone on the team can get to them when they need them.'

"Unfortunately, their imagination seems to have disappeared about the time they cancelled their AOL accounts. How could they not ask themselves what would happen if one of the administrator's accounts was compromised and the attacker started poking around?

"If you were an attacker, would it occur to you to search for anything containing the word 'password?' Maybe we should call the folder something a little less obvious, like 'laundry list'!

"It's difficult to understand how someone working in IT today could let this situation continue. I'd like to say they did one thing wrong, but they did everything wrong."

Just one more thing to look into, as we ring in 2015.
