Being hacked might get even more expensive

Most companies pay lip service to security, but the emphasis is just not there.  There is bluster and maybe even a few conversions soon after an embarrassing security breach, but all too often a scapegoat is found, fired and then it is back to business as usual.

The missing element is real financial cost.  It looks like Massachusetts, and hopefully the feds, will change that with new laws that make companies that get hacked pay for the cleanup.

I really like this kind of accountability.  While I don’t think it will be a panacea that solves all our problems, it will put those to blame for these problems clearly on the hook for paying to clean them up.

Hopefully other states and Congress follow the lead of Massachusetts.

Default Router Passwords

ZDNet recently had an article about new attacks that expose systems to the worst kind of compromise just by visiting a web page containing a bit of JavaScript.  The root of the problem is actually not changing the default passwords on those ubiquitous home routers from Linksys and Netgear (among others).  As Duane Laflotte and I work on our book (I know it is about 2 years overdue), we are struck by the fact that there really aren’t many new kinds of attacks, just more ways to exploit the same old stupid mistakes people seem intent on ignoring forever.

If you bought a combination-based high-security lock system for a new car, would you change the default code?  What if the code was 0000?  Would that be enough for you to realize that anyone who ever took a test drive, or just made an effort to think about it, could guess your code?  Read the article and just think about how ridiculous this would be in any arena other than computers.  If we could just get people thinking about this stuff, I think we would go a long way toward reducing the security problems we see.  The spam storm that is clogging the Internet lately, and other incidents, might be much less common if this one little change could occur…