Security, 1994-2004: Then And Now

Security, 1994-2004: Then And Now
Daniel Hanson, 2004-10-20

Comparing the state of security in 1994 versus 2004, has anything really changed over the course of ten long years?

Security, 1994-2004: Then And Now 2004-10-20
tbird@precision-guesswork.com (1 replies)

Hi Dan --

Although I agree with the essence of your comments, they're exactly the opposite of what I've just found by looking at CERT advisories and the SANS Top Twenty :-)

In 1989, a CERT advisory on recent compromises concluded that bad passwords, insecure services and unpatched applications were responsible for intrusions and unauthorized access (CERT CA-1989-03 and CA-1989-05). This advisory discussed UNIX systems, but...

In 2003, compromises were due to bad passwords on Windows accounts (leading to exploit propagation, especially with Phatbot, at least at my then-employer), unpatched applications/operating systems (WinRPC anyone?) and insecure services (peer-to-peer apps).

So while the operating system has changed, the problems remain the same...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/272/28800#28800

And what those all have in common... 2004-10-25
Roger

Security, 1994-2004: Then And Now 2004-10-21
elmurado

Security, 1994-2004: Then And Now 2004-10-21
CR

Security, 1994-2004: Then And Now 2004-10-21
Saphire

Security, 1994-2004: Then And Now 2004-10-24
David Prinzing

Security, 1994-2004: Then And Now 2004-10-25
Tisca774

Security, 1994-2004: Then And Now 2004-10-25
Anonymous#1

Security, 1994-2004: Then And Now 2004-10-25
Mene Tekel

Security, 1994-2004: Then And Now 2004-10-27
Anonymous