Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
97% of Americans Cant Ace a Basic Security Test
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
5/24/2019 | 8:40:13 AM
Re: OK but websites are not everything
I addressed just home users - my bad as most people go to work and therein, not having a basic idea, also commit stupid mistakes in judgment.  There is a video here of the subject on user education being critical as the front line of defense - all true. An amazing number of issues could be avoided IF people had just a basic idea of maybe 10 or 20 NO NO NO moves.  But that rarely is done. One great inside email campaign spoofed a spoof email and if users clicked on the link, it brought them to an internal site that said in effect BAD YOU, you need corporate education and here is where to find it.  Register now.  Great idea. 
miriamguimel
50%
50%
miriamguimel,
User Rank: Apprentice
5/22/2019 | 4:18:42 PM
Re: OK but websites are not everything
Lots of websites use passwords that are at least 8 characters long, but most websites unfortunately don't have 2FA, I think it's too soon for these settings

 

 
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
5/22/2019 | 1:47:46 PM
Re: OK but websites are not everything
This should really be a FULL discussion of security.  Before moving to Georgia in 2014, I performed self-employed managed services for small  business and residential - the latter was not huge money but it was a bit of income that kept good dinners on the reservation list.  And the security knowledge in sum total of all homeowners was about nill!!!   One charming older couple got whacked by the Microsoft tech scam - lost everything.  (They called when I was in Georgia and I faulted myself for lacking a domestic backup strategy).

My other residentials were technically non-compliant (read that plain dumb).  In hindsight, I should have done far more them than I did and that is through my current position in a malware forensics CSirt department - increased knowledge across the board.  I did not have THAT up north and did not pass it to my clients, my bad.  But by basis knowledge alone they were all lacking in sophistication and not one would know HTTP from HTTPS at all - even less dual authentication, complex passwords, clicking on links, etc.  
escortrides
50%
50%
escortrides,
User Rank: Apprentice
5/21/2019 | 6:49:47 PM
Re: OK but websites are not everything
 


 
nYdGeo
100%
0%
nYdGeo,
User Rank: Apprentice
5/21/2019 | 9:54:10 AM
More website creators is simply better?
After reading the entire post and seeing again and again how much the average citizen does not know about Cyber Security, can someone explain to me why more Americans planning on creating websites is a good thing?  Is this based on the assumption that by doing so, we're confident that they'll take the time and put forth the effort to learn the basics of website security?  If so, that seems like an assumption as best.  If anyone can help me understand this point, I'd appreciate it.
R.Hicks
0%
100%
R.Hicks,
User Rank: Author
5/20/2019 | 4:41:29 PM
Re: OK but websites are not everything
While I tend to agree with you Whislock, there are also several elements missing from the story that could greatly affect the results. For example, there is no mention of the average age (only that all participants were over 16 years old) and I'd expect poorer performance from an octogenarian than a millenial. If the average age were 30 though I would be more concerned. Alsom the sample size was only 2,000, which is not a representative sample of all Americans. I do see REISEN1955's point though - whether or not a website uses HTTP vs. HTTPS isn't necessarily indicative of whether or not the link is "OK" as the article states and there is far more to security than URL analysis. I think a link to the poll and more information about the sample that participated would help clarify the severity of the findings.
whislock
100%
0%
whislock,
User Rank: Apprentice
5/20/2019 | 2:17:29 PM
Re: OK but websites are not everything
I have to ask why you'd even say this. There's a certain "hierarchy of knowledge" when it comes to non-technical users. Below multi-factor authentication, below VPNs (commercial VPN services are a massive security issue, why would you say this?), below the recognition of suspect software, you have the base of the pyramid, which is a basic understanding of the everyday security concepts of using the Internet and what threats exist. No, websites aren't everything, but websites are 99% of what the everyman does on the Internet day to day. If they lack even that basic understanding, why would you even suggest more advanced security concepts? That's like telling them to install a state-of-the-art home security system with all the bells and whistles when they can't even figure out to close the front door.
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
5/20/2019 | 12:40:41 PM
OK but websites are not everything
What about complex passwords?  Dual authentication?  Reading suspect emails and acting on them?  Patch updating a system?  Intallation of suspect software often with PUPs?  Usage of a VPN service?  All important too and many likely to infection and perhaps destroy a system.  Websites are not everything. 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17448
PUBLISHED: 2020-08-11
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
CVE-2020-17466
PUBLISHED: 2020-08-11
Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by visiting manage/control.php and ignoring 302 Redirect responses.
CVE-2020-11552
PUBLISHED: 2020-08-11
An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to escalate privileges on a Windows host. An attac...
CVE-2020-13124
PUBLISHED: 2020-08-11
SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.
CVE-2020-15597
PUBLISHED: 2020-08-11
SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field.