Jonathan Farris
Assignment 3a
T CLS 510 A: Principles of Cyber Security
The homepage of www.securityfocus.com has a variety of featured security issues and discussions. Under the “Vulnerabilities” section, it is unlikely to see an item that has not been newly added or updated. Each item headlined has an issue that either needs to be addressed quickly, has been fixed and offers information on getting the correct patch, or has been determined to not be a significant threat. These vulnerability items share some similar themes such as being related to well-known types of engineered attacks such as Man in the Middle, Buffer Overflow, and Denial of Service. Another similarity in some of the headlines is the coding language the vulnerability applies to, such as Java or PHP.
One significant identifiable trend is that many of the items are related to remote security. Remote security is likely a constant fixture in the list of top concerns for cyber security professionals, as nearly every hacker gains access to their target from a remote location. While the term “remote access” traditionally referred to connecting directly to a system through hard line networks from an off-site location, it has evolved to incorporate wireless technologies as well. Many high profile breaches have occurred through exploiting weaknesses in wireless connection security.
TJ Maxx was hacked in 2007 through one store’s wifi signal because it was still running an obsolete security protocol. While that event inspired most security professionals to ensure their wireless routers were not using WEP anymore; it was only one vulnerability among many in the developing wifi realm. Wireless technologies are a prime example of the great paradox between convenience and security, which often results in security not being as strong as it can be. However, any time a vulnerability is mitigated, attackers begin identifying new weaknesses, and there seems to be no end to the potential for exploitation.
Remote security is also a root problem that many types of attacks can trace back to as the original issue. As previously stated, most hackers rely on