"Those who cannot remember the past are condemned to repeat it."

History shows that successful attacks often exploit the weakest link. This was as true for ancient stone fortresses as it is for today's "data castles" in the cloud. The tactics behind some of the world's most historic security breaches are still in play in today's digital age. Even a quick look at the themes they represent can generate insights on how to protect yourself and your data.

Troy – 1190 BCE

As the apocryphal tale goes, after a fruitless 10-year siege at the walled city of Troy, Agamemnon's Greek army devised a cunning plan to get inside. They retreated, leaving only a massive wooden horse behind. Taking it for a gift or tribute, the Trojans wheeled their prize into the city. When night fell, the Greek soldiers hidden inside the horse slipped out and opened the city gates, allowing their waiting comrades to rush in and wreak havoc.

SECURITY LESSON: Always validate your input; you never know what might be hiding in the horse. An XML document of the kind that might be sent to an API can be a modern-day Trojan horse, with a denial-of-service (DoS) attack hidden inside it. Such a document contains a series of entity declarations, macros that expand. Older XML parsers would identify the snippet &lol9 as an entity that must be expanded. The parser looks for the definition above, sees that it should be &lol8, and substitutes it. But these, too, are entities: the parser looks up their definitions and replaces them with a string of &lol7s, then &lol6s, then &lol5s, and so on. In other words, this 1KB piece of XML will expand to occupy almost 3GB, enough to crash almost any XML parser or application server. Most modern parsers know to defend against this type of attack. But there are many other situations (SQL injection, cross-site scripting, command-line injection) in which failing to validate the input you accept into applications can cause serious problems.

In a battle popularized in the movie 300, after a long series of battles, the 7,000-strong Greek army faced more than 100,000 Persian soldiers. Even though they were vastly outnumbered, the Greeks were able to hold the Persians back in the narrow Thermopylae Pass. Unfortunately for the Greeks, however, the Persians eventually learned of a second secret path through the mountains, which they used to launch a sneak attack from the rear.

SECURITY LESSON: "Security through obscurity" isn't good enough. Counting on attackers not to learn your secrets is not a winning security strategy. Most routers have an administrative page protected by a username and password. But in one puzzling case, a major router company created an obscure secret string that, when sent to the router, opened a backdoor: no username or password required. As soon as one person discovered this secret, however, all owners of this router were at risk. Equally ill-advised is hardcoding passwords into your code, or creating your own encryption algorithms. Both represent "security through obscurity," and once an attacker sees your code and discovers your secrets, all bets are off.

Castle Gaillard in Normandy, France – 1204 AD

When King Philip of France decided to win Normandy back from his English rival, his army attacked the key English defense of Castle Gaillard. The castle fortifications were incredibly strong and withstood a six-month siege. However, at some point the French soldiers discovered a toilet chute in the castle's inner wall and were able to climb up through it. Once inside, they flung open the castle gates, and the rest is history.

SECURITY LESSON: One weak link, no matter how small, can undermine all your strength. For example, when Apple's iCloud suffered a breach despite brute-force protection and two-factor authentication, it was discovered that an overlooked backup API had given the attackers a way in. If your attackers can find it, they will exploit it.

Maginot Line, France – 1940

After World War I, the Treaty of Versailles called for 450 miles of France's borders with Germany, Switzerland, and Luxembourg to be fortified. But in 1940, Hitler's army mounted its devastating blitzkrieg attack on France via Belgium, avoiding the fortifications entirely. Advancing in armored tanks at never-before-seen speeds, the Germans rendered the Maginot Line meaningless.

SECURITY LESSON: Attackers are constantly evolving and improving; make sure you evolve with them. Technology has its own versions of the Maginot Line: passwords, antivirus software, scanning and patching for vulnerabilities, firewalls. These are crucial security tools, but they become vulnerable when you operate them according to what attackers have tried in the past.
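A defensive counterpart to the Trojan-horse lesson on XML entity expansion, added here as an example and not code from the original post: a small Python routine that refuses any API payload carrying a DOCTYPE or entity declaration, and caps the raw payload size, before expat ever expands anything. The function names, the 64 KB cap and the three sample documents are constructed for illustration; only the standard-library `xml.parsers.expat` module is real.

```python
import xml.parsers.expat

# Hypothetical size cap; a real API would set this to the largest payload it expects.
MAX_BYTES = 64 * 1024


class UnsafeXMLError(ValueError):
    """Raised when an untrusted document is rejected before it is fully parsed."""


def parse_untrusted_xml(data: bytes, max_bytes: int = MAX_BYTES) -> list[tuple[str, str]]:
    """Parse XML from an untrusted caller and return (element, text) pairs.

    Two checks apply before and during parsing:
      1. the raw payload must fit under max_bytes;
      2. the document may not carry a DOCTYPE or any entity declaration,
         which is where entity-expansion payloads live.
    Expat stops the moment a handler raises, so a hostile DTD is never expanded.
    """
    if len(data) > max_bytes:
        raise UnsafeXMLError(f"payload of {len(data)} bytes exceeds cap of {max_bytes}")

    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXMLError(f"DOCTYPE {name!r} not allowed in API input")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXMLError(f"entity declaration {name!r} not allowed in API input")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    # Never fetch or process an external DTD subset either.
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)

    elements: list[tuple[str, str]] = []
    stack: list[tuple[str, list[str]]] = []

    def start(name, attrs):
        stack.append((name, []))

    def chars(text):
        # Character data may arrive in several chunks; collect and join later.
        if stack:
            stack[-1][1].append(text)

    def end(name):
        tag, parts = stack.pop()
        elements.append((tag, "".join(parts).strip()))

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(data, True)
    return elements


def is_rejected(data: bytes) -> bool:
    """True if parse_untrusted_xml refuses the document."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXMLError:
        return True
    return False


# Constructed sample inputs (not from the original post).
BENIGN_DOC = b"<order><item>widget</item><qty>2</qty></order>"
# A two-level entity declaration of the kind the lesson describes; deeper
# nesting is what turns a kilobyte into gigabytes, so it is refused at the DOCTYPE.
ENTITY_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
    b"<order><item>&b;</item></order>"
)
OVERSIZED_DOC = b"<blob>" + b"x" * (MAX_BYTES + 1) + b"</blob>"

if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_DOC))
    for doc in (ENTITY_DOC, OVERSIZED_DOC):
        print("rejected" if is_rejected(doc) else "accepted")
```

The checks live inside the parser callbacks rather than in a regular expression over the bytes, so they cannot be bypassed by encoding tricks the parser understands but a text scan does not. For production code the `defusedxml` package applies the same policy across all of Python's XML entry points; the point of this version is to show where the decision is made.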