Cyber Security Today: Jan. 16, 2019 — Why security testing is vital, and keep away from construction sites

Why security testing is vital before releasing products, Nova Scotia privacy commissioner critical of the government, and keep away from construction sites

It often doesn’t take much effort for hackers to successfully do their jobs. Simple mistakes by companies make it easy. The news site TechCrunch this week carried a prime example. A security researcher said he was able to take over the websites of anyone who used one of several large hosting companies, big names like OVH, iPage and Bluehost. The bugs have now been fixed, but website owners could have been victimized by clicking on a link in an email or a tweet. That would have started a process allowing an attacker to insert their email address as the site’s owner. Ultimately that would allow the attacker to take over the account. This was just one of the problems the researcher discovered. Obviously, many organizations still aren’t doing enough security testing of their products.

That, by the way, was also the conclusion of Nova Scotia’s privacy commissioner after looking into last year’s data breaches through the province’s new access to information website. Because there wasn’t adequate testing by the government before the new site went live, serious vulnerabilities weren’t discovered. As a result, hackers realized that just by changing document numbers in the URL address at the top of a web page they could get hold of thousands of documents, some of which had personal information on 740 people. Not only didn’t the government properly test the site, it ignored a recommendation for a security threat assessment from its own security staff — and from the privacy commissioner.

My full story on this report is available here.

Here’s some chilling news to think about next time you walk beside a construction site: Those cranes and hoists workers use may be vulnerable to an attack if they rely on radio communications. Researchers at security vendor Trend Micro have discovered several systems that rely on radio controllers, including those used in transportation and mining sectors, could be hacked and taken over. Manufacturers have been notified and are patching the systems. If you want to access the full report on this, there’s a link here.

Finally, If you’re an IT professional there’s a Cloud Security Summit tomorrow, Jan. 17, in downtown Toronto. Admission is free and registration details can be found here.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

ITWC podcast network

Subscribe to ITWC podcasts and never fall behind on the conversation in technology again. Our daily podcasts are perfect to add to your smart speaker’s daily briefing or to your favourite podcast app on your smartphone. 

Cyber Security Today Podcast

#Hashtag Trending Podcast