Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
Rethinking Cybersecurity Hiring: Dumping Resumes & Other 'Garbage'
tdsan, User Rank: Ninja
10/13/2019 | 8:36:43 PM
Re: Interesting comment about Garbage

I could not agree with you more, Bradley; it sounds like you are not just talking about it but have dealt with the real world. My buddy has gone through the same thing you have gone through with a security company located in VA (he found a security bug and issues, pointed it out, and later they walked him to the door, not because he was trying to help, but "how dare he" identify problems in our security solution).

In addition, we identified the same problem with a security assessment at the US Dept. of Navy: they received a raving score for their security setup and implementation, but again, a friend of mine in Bethesda found issues with the network from HP OpenView scans. He reported the issues to our site in DC and we made changes based on some registry entries, easily done. But when he reported the same thing to the members in Bethesda, they asked him to shut down the system, leave the lights on, and paid him to leave the location.

There are a number of other instances; it is not really going to change anything, it has to come from the top down. It cannot be leadership covering up the truth; they have to embrace it so positive change can come. Sometimes it means bringing light to people (negative in certain instances) and their incompetence, but so be it. It is a political game, but in the end we are all better for it.

T


Bug Report: Enterprise Vulnerabilities (from DHS/US-CERT's National Vulnerability Database)
CVE-2017-15682 (published 2020-11-27): In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.

CVE-2017-15683 (published 2020-11-27): In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

CVE-2017-15684 (published 2020-11-27): Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.

CVE-2017-15685 (published 2020-11-27): Crafter CMS Crafter Studio 3.0.1 is affected by XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

CVE-2017-15686 (published 2020-11-27): Crafter CMS Crafter Studio 3.0.1 is affected by Cross Site Scripting (XSS), which allows remote attackers to steal users' cookies.
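Two of the vulnerability classes in the feed above (XML External Entity injection in CVE-2017-15683 and CVE-2017-15685, and directory traversal in CVE-2017-15684) are routinely caught by input checks that sit in front of the XML parser and the file system. The code below is an added, generic illustration of those two checks; it is not Crafter CMS code and does not reproduce the specific Crafter Studio 3.0.1 flaws or any exploit for them. The sample XML documents, the site-root directory and the request paths are constructed for the example.

```python
"""Generic XXE and directory-traversal guards (added example, not Crafter code).

The XXE guard uses Python's bundled expat parser and refuses any document that
carries a DOCTYPE or references an external entity. Out-of-band ("blind") XXE
only needs the parser to *attempt* the fetch of a SYSTEM URI, so the safe
policy is to reject the declaration before any content is processed.
"""
import os
import urllib.parse
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised when a document declares a DTD or references an external entity."""


def parse_without_entities(xml_bytes: bytes) -> None:
    """Parse xml_bytes, raising UnsafeXML on DOCTYPE or external entity use."""
    parser = xml.parsers.expat.ParserCreate()

    # Any DOCTYPE (internal subset or external DTD) is where <!ENTITY> lives.
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE not allowed (name={name!r})")

    # Belt-and-braces: refuse to resolve an external entity if one slips through.
    def on_external_ref(context, base, system_id, public_id):
        raise UnsafeXML(f"external entity not allowed (system_id={system_id!r})")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(xml_bytes, True)


def is_safe_xml(xml_bytes: bytes) -> bool:
    """True only for well-formed XML with no DTD and no external entity."""
    try:
        parse_without_entities(xml_bytes)
    except (UnsafeXML, xml.parsers.expat.ExpatError):
        return False
    return True


def resolve_under(site_root: str, requested: str) -> str:
    """Map a user-supplied path onto site_root, refusing anything that escapes it.

    The request is URL-decoded once (a framework may already have done this),
    a leading slash is dropped so "absolute" requests stay rooted, and the
    normalised candidate must still have site_root as its common prefix.
    """
    root = os.path.realpath(site_root)
    decoded = urllib.parse.unquote(requested).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root, decoded))
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError(f"path escapes site root: {requested!r}")
    return candidate


def is_safe_path(site_root: str, requested: str) -> bool:
    """True if requested resolves inside site_root."""
    try:
        resolve_under(site_root, requested)
    except PermissionError:
        return False
    return True


# Constructed sample inputs for the example.
PLAIN_XML = b'<?xml version="1.0"?><site><name>demo</name></site>'
XXE_XML = (b'<?xml version="1.0"?>'
           b'<!DOCTYPE site [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b'<site><name>&xxe;</name></site>')
SITE_ROOT = "/srv/sites/demo"  # hypothetical site root, need not exist


if __name__ == "__main__":
    print("plain XML accepted:", is_safe_xml(PLAIN_XML))
    print("XXE XML accepted:  ", is_safe_xml(XXE_XML))
    print("templates/page.ftl:", is_safe_path(SITE_ROOT, "templates/page.ftl"))
    print("../../etc/passwd:  ", is_safe_path(SITE_ROOT, "../../etc/passwd"))
    print("..%2F..%2Fetc/passwd:", is_safe_path(SITE_ROOT, "..%2F..%2Fetc/passwd"))
```

Rejecting the whole DOCTYPE is deliberate: it is the same policy as `defusedxml`'s `forbid_dtd`, and it removes the need to reason about which entity kinds expat will or will not resolve. The path check compares resolved paths rather than looking for the literal string `..`, so encoded, doubled or symlinked variants are handled by the operating system's own normalisation.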