Virya Technologies Blogs

Blogs from Virya Technologies staff

Ben Tasker

Ben is a Network Security and Linux specialist with experience on a wide range of Unix based Operating Systems, as well as a serious amount of experience with the Microsoft Windows Operating Systems. Ben is also an amateur photographer and enjoys writing articles on technical subjects.

Blog entries tagged in Requests

Who's Auditing the Auditors? It should be You!

Posted by Ben Tasker
on Friday, 30 September 2011
in General business

A recently published issue with a Security Auditor has highlighted just how much potential there is for the worst to happen when information is requested by someone with a level of authority. In this particular case, the person being asked for the information had the sense to challenge the request, but it's easy to believe that many others would have simply attempted to comply.

The Security Auditor in question was insisting that the following be provided:

  • A list of current user-names and plain-text passwords for all user accounts on all servers

  • A list of all password changes for the past six months, again in plain-text

  • A list of “every file added to the server from remote devices” in the past six months

  • The public and private SSH keys

  • An email sent to him every time a user changes their password, containing the plain-text password.

It should be pretty clear to most that this presents a huge security issue, but faced with a Payment Card Industry (PCI) Auditor making the request, how many would simply assume that he “must know what he's doing”?
