Why security testing is vital before releasing products, Nova Scotia privacy commissioner critical of the government, and keep away from construction sites
It often doesn’t take much effort for hackers to successfully do their jobs. Simple mistakes by companies make it easy. The news site TechCrunch this week carried a prime example. A security researcher said he was able to take over the websites of anyone who used one of several large hosting companies, big names like OVH, iPage and Bluehost. The bugs have now been fixed, but website owners could have been victimized by clicking on a link in an email or a tweet. That would have started a process allowing an attacker to insert their email address as the site’s owner. Ultimately that would allow the attacker to take over the account. This was just one of the problems the researcher discovered. Obviously, many organizations still aren’t doing enough security testing of their products.
That, by the way, was also the conclusion of Nova Scotia’s privacy commissioner after looking into last year’s data breaches through the province’s new access to information website. Because there wasn’t adequate testing by the government before the new site went live, serious vulnerabilities weren’t discovered. As a result, hackers realized that just by changing document numbers in the URL address at the top of a web page they could get hold of thousands of documents, some of which had personal information on 740 people. Not only didn’t the government properly test the site, it ignored a recommendation for a security threat assessment from its own security staff — and from the privacy commissioner.
My full story on this report is available here.
Here’s some chilling news to think about next time you walk beside a construction site: Those cranes and hoists workers use may be vulnerable to an attack if they rely on radio communications. Researchers at security vendor Trend Micro have discovered several systems that rely on radio controllers, including those used in transportation and mining sectors, could be hacked and taken over. Manufacturers have been notified and are patching the systems. If you want to access the full report on this, there’s a link here.
Finally, If you’re an IT professional there’s a Cloud Security Summit tomorrow, Jan. 17, in downtown Toronto. Admission is free and registration details can be found here.