Another thing we would recommend apart from selecting very strong and unique passwords is the use of password managers. They use the name of a spouse, of a kid, of a pet, or they simply do not have strong enough security measures in place like antimalware, antivirus, the type of thing that belongs on every computer these days. And in virtually every case we see that the passwords and account credentials have been used elsewhere.

Another factor that plays a significant role is that people aren't using very strong passwords. The vast majority of the cases that we see have to do with there being a lot of data breaches lately, and whenever we're pointed to potential TeamViewer account abuses, we check internally to determine what we can see. What follows is a lightly edited transcript of the conversation:

Ars: As we're having this conversation on Sunday morning, is it still TeamViewer's belief that the account takeovers are the result of password reuse and passwords exposed in breaches external to TeamViewer?

On Sunday, TeamViewer spokesman Axel Schmidt acknowledged to Ars that the number of takeovers was "significant," but he continued to maintain that the compromises are the result of user passwords that were compromised through a cluster of recently exposed megabreaches involving more than 642 million passwords belonging to users of LinkedIn, MySpace, and other services.

Ars spoke with Schmidt to get the latest.

So, even if the accepted some crazy value like 1000ppm when it was expecting 10ppm (which is still unlikely), you couldn’t make that happen quickly because the physical equipment isn’t capable of doing it." "Meaning you just can’t physically move that much chemical through the system that fast. "It’s an actual physical size restriction." Miller said.
Most water systems have physical limits on how much of a certain chemical can be pumped into the process, according to Miller. Moreover, it's actually unlikely that the hacker could have really caused widespread harm. "In most environments the change would have been caught fairly rapidly." "Even though the hacker knew enough to manipulate a dangerous chemical, this intrusion still feels a bit ham fisted," Carhart said. And it's unlikely an attack like this would have worked against other utilities either, according to experts. Either way, the good news is that the water utility caught the intrusion, which wasn't as subtle as it could have been. There's still a lot we don't know about the hack of the City of Oldsmar's water treatment system, and the details of how the hacker took control will be the key in knowing how much the water utility was responsible for not securing its systems. "Someone either chose to do this for convenience with knowledge of the risks or they were ignorant of the risk and thought it wouldn’t be found (or that it was secure enough in this configuration)." Allowing weak controls on remote access to critical systems is the issue," Miller added. "This is an education or attitude problem.