Advertising for help can showcase security weaknesses
Source: SearchSecurity - Posted by Pax Dickinson   
Security Wonder how hackers know where your company's network is vulnerable? Your online job postings may be the culprit. Do they hint where you're weak in IT staffing? List specific operating systems and hardware that candidates should be familiar with? If so, you've provided enough information for the bad guys to break in.

"Ninety percent of companies have a Web site used for bragging rights. They want people to visit them and see how good they look and what they do, and part of it is also to recruit quality employees by listing available positions," explains Robert Schperberg, a digital forensics expert who just published the book CYBERCRIME: Incident Response and Digital Forensics. The problem with highly visible job ads, he said, is that the computer criminals also scrutinize them to see where there are weaknesses, not only in personnel but in potentially unpatched software and hardware that can be used to attack networks.

"We announce to the world what we're using and make it possible for 'reverse intent,' in which hackers use the same manuals and how-to books to figure out how to penetrate your system," said Schperberg, a former law enforcement officer who now works as vice president of operations for consultancy TeleDesign Security Inc., in Berkeley, Calif.

Read this full article at SearchSecurity

Only registered users can write comments.
Please login or register.

Powered by AkoComment!