Communications of the ACM
Stop Worrying About Mastermind Hackers. Start Worrying About the It Guy.
Credit: Reuters
Mistakes in launching Oracle software have led to millions of Americans' data being leaked onto the Internet. Most of the organizations affected have been universities or government agencies, which hold a wide range of information on individuals and private companies. The security breaches can be attributed to system administrators who make routine errors, leaving the data unsecured, which highlights how even in an era of increasing national investment in cybersecurity, the weakest link often involves common human error.
Experts say the security problem shows that even highly skilled information technology administrators can struggle to keep large systems up to date with the latest software updates, security patches, and configurations. In addition, administrative credentials for the systems have been left exposed in many cases, giving hackers the chance to probe into compromised networks.
"There's an old joke, that computers need a 'Do-What-I-Mean' function," says Columbia University professor Steven M. Bellovin. "Some systems are just impossible to configure correctly . . . the code is complex."
Some experts say Oracle deserves some of the blame for issuing software that was complicated to use properly and had default settings that left security weak. "To think that a local government IT administrator in a small town is going to be able to adequately protect from all threats is woefully misguided," says Center for Democracy & Technology chief technologist Joseph Lorenzo Hall.
From The Washington Post
View Full Article – May Require Free Registration
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA
No entries found