Technology Advisor Blog

Are "Default Passwords" our Defense Against Cyber-Terrorism?

Posted by Ann Westerheim on 11/23/11 9:07 AM

In last night's Republican debate, one of the questions posed to the candidates was "What threat might we face in the next few years that no one is talking about today?" The question was in the context of the 9/11 attacks, which came shortly after George Bush became President and defined his term in office. One of the answers that caught my attention was cyber-terrorism. Instead of a physical attack, our critical computer systems and networks could be attacked by hackers. When you stop and think about how pervasive computing is in our modern lives, covering everything from banking to delivery of our utilities, it's scary to think of how vulnerable we are.

In Kaspersky Lab's Threatpost yesterday, Paul Roberts posed a very scary question: Was the three character password used to hack South Houston's Water Treatment Plant a Siemens default? Apparently the hacker described an "easy-to-crack three character password" that provided access to the Siemens Simatic HMI (human machine interface) software that controlled the water treatment plant. The description matches the default password that comes with the equipment, but the actual password hasn't been confirmed yet.

Although the hacker says he didn't take any action when he gained access to the system, he could have shut out other users, taken control of the water treatment plant, and caused a lot of damage. He used Internet scanning software to discover systems that were connected to the Internet, and then had a pretty easy time getting in. He describes himself as merely a hobbyist, not a "real" hacker.

If default passwords are being used to protect our critical infrastructure, we're at risk! This breach has gotten attention in the news, but who knows how many other similar systems are vulnerable like this? The Department of Homeland Security is working with Siemens to investigate the breach, but this is just the starting point.

ALWAYS use STRONG passwords to protect any applications you access over the Internet. Strong passwords should contain uppercase and lowercase letters, numbers, and symbols, and should never be words in the dictionary. And ALWAYS change the default password!

Tags: passwords, Security, strong passwords, default passwords

Small Business Productivity/Security Recommendation - RoboForm

Posted by Ann Westerheim on 2/2/11 9:55 AM

With so many business and personal activities on-line these days, it's impossible to remember all the passwords.  We've all been trained to use "strong" passwords (6 characters or more, not a word in the dictionary, numbers & symbols), but remembering them is a big problem.

One of the productivity tools we like to recommend is RoboForm (www.roboform.com).  The slogan on their home page sums things up - "Put your passwords on speed-dial".  RoboForm automatically remembers your passwords, stores them securely, and then fills them in when needed, kind of like using a browser bookmark. 

When trying to remember complicated passwords, employees are often tempted to write them down and keep them in a convenient location, but this isn't secure.  In fact, the new Massachusetts Data Protection Law specifically addresses the storage of passwords by requiring:  "control of data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect".  Bottom line, no more passwords on post-its under your keyboard! 

There's an entry-level free version of the program available, so this may be a great place to start and check it out.  Here is a link to the product comparison chart: http://www.roboform.com/how-it-works/product-comparison.

Tags: small business technology, Security, passwords


Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.