Security Industry Broken

According to a security researcher, information security professionals need to start caring more about security.

Senior security researcher at Kaspersky Lab, David Jacoby, said the information security industry is broken. He told the opening session of the Security Congress in Europe: "We think we understand security, but we don't. We know what we should be doing, but often we don't do it."

Jacoby feels that security professionals need to really start caring about information security and ensuring the businesses they support do the same.

He added: "We need to focus on what we are trying to do. We need to stop talking about what all our security products are doing and talk about what they are not doing.

"We also need to stop talking about emerging and future threats, and instead first solve the problems that we have known about for 30 years and still not addressed."

Jacoby believes that while a great deal of attention is being devoted to security threats and the Internet of Things (IoT), hardly any attention is being paid to the security risks of things such as storage devices and routers.

He illustrated his research by demonstrating that he was able to use an emailed link to a video to bypass the firewall on his home network and access his home storage device from a remote location.

Jacoby said: "Once I had the IP address of the storage device, which is really a small server, I was able to get a connection because the software is continually looking for a connection request."

He discovered that the factory-installed Python software on the Linux-based storage device he uses for backup provided 22 ways of executing code on the storage device with administrator status.
