Open port vulnerabilities are a serious concern, regardless of the platform involved. Devices now tend to always be connected to the Internet, and someone (the bad guys) is always listening.
Here is a warm and fuzzy article for everyone paying attention to the budget debate in Washington, DC. Apparently, IT security and systems upgrades have not been a focus for some time in the Department of Defense, or upgrades have been a focus and Congress has not found a mechanism to provide the funds. Let’s all hope for the latter.
In case the title is not clear, the article details the fact that up to 75% of core infrastructure systems at DoD are still running Windows XP or older operating systems. That is most certainly a cringe-worthy fact.
Yet another example that size does not matter – even the big boy tech companies are susceptible to phishing and cyber theft.
Secure code development is critical. I am glad to see the OWASP list echoing this sentiment.
This is an important process to monitor in Washington. I am concerned that Federal IT modernization continues to be pushed to the back burner. There are real issues with Federal IT infrastructure that must be addressed sooner rather than later.
Beware if you have eaten at a Chipotle restaurant recently. Check your card statements.
I listened to an interesting Steve Gibson podcast on this same subject and tend to agree with Steve that this is a decent implementation of a stronger single-factor authentication mechanism, but it is far from multi-factor authentication. This can certainly replace weak passwords with a slightly stronger authentication mechanism, but in most instances, real security will require a second, truly secret authentication factor.
Beyond the government-associated compliance requirements, the NIST cybersecurity framework is the foundation of, or a key component of, multiple private and third-party compliance requirements. Take a moment to review the changes and consider how you will track those changes moving forward.