Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

97% of Americans Cant Ace a Basic Security Test
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
5/24/2019 | 8:40:13 AM
Re: OK but websites are not everything
I addressed just home users - my bad as most people go to work and therein, not having a basic idea, also commit stupid mistakes in judgment.  There is a video here of the subject on user education being critical as the front line of defense - all true. An amazing number of issues could be avoided IF people had just a basic idea of maybe 10 or 20 NO NO NO moves.  But that rarely is done. One great inside email campaign spoofed a spoof email and if users clicked on the link, it brought them to an internal site that said in effect BAD YOU, you need corporate education and here is where to find it.  Register now.  Great idea. 
User Rank: Apprentice
5/22/2019 | 4:18:42 PM
Re: OK but websites are not everything
Lots of websites use passwords that are at least 8 characters long, but most websites unfortunately don't have 2FA, I think it's too soon for these settings


User Rank: Ninja
5/22/2019 | 1:47:46 PM
Re: OK but websites are not everything
This should really be a FULL discussion of security.  Before moving to Georgia in 2014, I performed self-employed managed services for small  business and residential - the latter was not huge money but it was a bit of income that kept good dinners on the reservation list.  And the security knowledge in sum total of all homeowners was about nill!!!   One charming older couple got whacked by the Microsoft tech scam - lost everything.  (They called when I was in Georgia and I faulted myself for lacking a domestic backup strategy).

My other residentials were technically non-compliant (read that plain dumb).  In hindsight, I should have done far more them than I did and that is through my current position in a malware forensics CSirt department - increased knowledge across the board.  I did not have THAT up north and did not pass it to my clients, my bad.  But by basis knowledge alone they were all lacking in sophistication and not one would know HTTP from HTTPS at all - even less dual authentication, complex passwords, clicking on links, etc.  
User Rank: Apprentice
5/21/2019 | 6:49:47 PM
Re: OK but websites are not everything

User Rank: Apprentice
5/21/2019 | 9:54:10 AM
More website creators is simply better?
After reading the entire post and seeing again and again how much the average citizen does not know about Cyber Security, can someone explain to me why more Americans planning on creating websites is a good thing?  Is this based on the assumption that by doing so, we're confident that they'll take the time and put forth the effort to learn the basics of website security?  If so, that seems like an assumption as best.  If anyone can help me understand this point, I'd appreciate it.
User Rank: Author
5/20/2019 | 4:41:29 PM
Re: OK but websites are not everything
While I tend to agree with you Whislock, there are also several elements missing from the story that could greatly affect the results. For example, there is no mention of the average age (only that all participants were over 16 years old) and I'd expect poorer performance from an octogenarian than a millenial. If the average age were 30 though I would be more concerned. Alsom the sample size was only 2,000, which is not a representative sample of all Americans. I do see REISEN1955's point though - whether or not a website uses HTTP vs. HTTPS isn't necessarily indicative of whether or not the link is "OK" as the article states and there is far more to security than URL analysis. I think a link to the poll and more information about the sample that participated would help clarify the severity of the findings.
User Rank: Apprentice
5/20/2019 | 2:17:29 PM
Re: OK but websites are not everything
I have to ask why you'd even say this. There's a certain "hierarchy of knowledge" when it comes to non-technical users. Below multi-factor authentication, below VPNs (commercial VPN services are a massive security issue, why would you say this?), below the recognition of suspect software, you have the base of the pyramid, which is a basic understanding of the everyday security concepts of using the Internet and what threats exist. No, websites aren't everything, but websites are 99% of what the everyman does on the Internet day to day. If they lack even that basic understanding, why would you even suggest more advanced security concepts? That's like telling them to install a state-of-the-art home security system with all the bells and whistles when they can't even figure out to close the front door.
User Rank: Ninja
5/20/2019 | 12:40:41 PM
OK but websites are not everything
What about complex passwords?  Dual authentication?  Reading suspect emails and acting on them?  Patch updating a system?  Intallation of suspect software often with PUPs?  Usage of a VPN service?  All important too and many likely to infection and perhaps destroy a system.  Websites are not everything. 

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
PUBLISHED: 2022-12-04
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.
PUBLISHED: 2022-12-04
CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)