Password Reuse - Control networks double the risk
Control system vendors continue to bury hidden "default" passwords in their system which can fall victim to malware or hackers, making them the perfect backdoor into a company's operations.
Eric Byres
Jason Holcomb at Digital Bond wrote a great article called “Everybody Knows Your Passwords” on the issues of default passwords. In it he talked about how some control system vendors continue to bury hidden “default” passwords in their system. As Stuxnet illustrated, these passwords can fall victim to malware or hackers, making them the perfect backdoor into a company’s operations.
This week, I will add two more issues to this whole password “Hash Up” (sorry for the bad pun) that is a danger to control system security.
Password Re-use
The first is the problem of password reuse in control systems. Password reuse is the habit we all have of using the same password on multiple systems. In the IT world it is causing considerable concern because people use the same password for signing up for a free software download site as they use for accessing their bank account.
http://www.isssource.com/password-reuse-%E2%80%93-control-networks-double-the-risk/
- Related News:
Microgrids looking for right model - 02.01.2011 12:14- Underground security system - 02.01.2011 12:13
- Security zones create 'architecture of fear' - 02.01.2011 12:12
- WIB security standard released - 02.01.2011 12:11
- Slowdown: Users turn off anti-virus software - 02.01.2011 12:10
- HDTVs vulnerable to hack attacks - 02.01.2011 12:09
- Cyber security bill in Senate - 02.01.2011 12:08
- SC utility slow to fix nuclear safety equipment - 02.01.2011 12:07
- Chevron shuts, purges Utah pipline - 02.01.2011 12:06
- BP faces new suit from feds - 02.01.2011 12:05
- BP oil spill blankets Gulf Sea bed - 02.01.2011 12:04
- Hacker Report: More malware in 2011 - 02.01.2011 12:03
- Stuxnet Video: Mitigation strategy outlined - 02.01.2011 12:00
Case Study Database
Get more exposure for your case study by uploading it to the Consulting-Specifying Engineer case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.
These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.
Click here to visit the Case Study Database and upload your case study.
