Title of test:
Vulnerability Types

Description:
Vulnerability Types

Author:
BA

Creation Date:
01/09/2019

Category:
Others

Number of questions: 21
Content:
A coding error that results from two things happening at exactly the same time.
You're using old software or hardware that is no longer supported or receiving updates - avoid this by always updating.
You don't even see the OS or software, but it's connected to the internet.
The vendor isn't issuing patches to their software for known vulnerabilities - think of the Trane example.
User or malicious actor being allowed to input data when they shouldn't.
Error messages that may give too much detail that would allow a malicious actor to use it (traces, dumps, etc).
User leaves a door open by improperly configuring a device or system.
Devices should always have these changed immediately upon setup - botnets can take advantage of default user names and passwords on IoT devices such as cameras, garage doors, etc.
Example: John up in Marketing had no idea what social engineering is. All it takes is one user leaving a door open to expose the entire organization.
Accounts set up for testing purposes, old accounts, etc - should all be removed.
What business processes does the organization use that could allow entry points?
Encryption (AES, 3DES, etc) combined with length of cipher key combined with hashes should be very strong - if it's not, what kind of vulnerability do you have?
Unused memory grows in size and eventually crashes the system.
Large number of integers but not enough room - so where does the extra integer go? Does it somehow allow access to the system or to the data?
Where does the extra data go that was supposed to be sent to the buffer but the buffer was full? This kind of vulnerability can lead to the threat of privilege escalation.
Pointing to a reference point in memory that doesn't exist - so where does it go?
Application library files that were added by the bad guys - they didn't write the app, but they wrote the library.
With virtual systems (servers, workstations, etc) it's easy to quickly sprawl out of control; also, physical assets that were forgotten could contain an entry way for a bad guy.
Examine every single part of the network as well as physical access for holes and entry ways to look for this.
What you don't know can hurt you - the day something is found is the day it should be patched to avoid this type of vulnerability.
Must be well thought out in terms of who will be the CA, who will protect the CA, what's the formal validation of the process, etc. Otherwise you could have this category of vulnerability.