Monday, March 27, 2017

Vulnerability Summary for the Week of March 20, 2017 | US-CERT

If you are feeling a little complacent about cyber security today, just take a look at all these vulnerabilities listed, now many will say none of those can effect me or my business. Oh quite the contrary my friend. If you have a smart TV, or refrigerator, or that spanking brand new high tech router, or the cable TV box in your home or 2 dozen other devices in your home or office. You have a device running some version of Linux or one of the other vulnerabilities listed. Now that you know all these vulnerabilities, what are you going to do about them? Lets start with the router running the wired and wireless network for your home or office, lets set down and see if the patch is installed on it. Now you can put the router on automatic update, most of us do, but then how do we know who sent in that last update? Your smart TV how has it been updated with the latest patches, or your IP controlled thermostat, or that printer you are using, that you just had to have the ability to print to it wirelessly, who is checking the patches for that. Remember China hit the American Chamber of Commerce offices, all our Federal agencies came in and shut down the hacker, and within two weeks it had been hit again, in the end it was determined that one computerized thermostat just like the one you installed in your home last Christmas, and a cheap HP all in one printer, copier and scanner had hard wired vulnerabilities from the Chinese that had put them on the market, that no software fix could defeat, they just had to be removed. But there where patches available for both items that had supposedly fixed the vulnerability, in the end the only thing to do was get rid of them. In the case of the printer, it turned out the printers scanner was the culprit, and that China had built in the vulnerability in a great number of scanners used by printer manufactures from the USA and all over. So sit back and do not worry, it probably would not help in most cases.
from CTI Consulting

No comments:

Post a Comment