Study: Old security flaws cause some breaches

A new study finds that many companies still have old security vulnerabilities lurking in their systems, leaving a back door open for hackers to get in and attack. The report from Trustwave is based on an analysis of more than 1,900 penetration tests and more than 200 data breach investigations conducted for clients including American Express, MasterCard and several large retailers.

Until now, many companies have been relying on finding the latest vulnerabilities, not reaching back to old and supposedly well-understood ones. But the finding sets the stage for companies to do another inventory of their systems, looking for cracks that may have been left in place for years.

Are you one of these companies? And would it be worth your while to patch your system to prevent an opening?

The most common vulnerability discovered during Tustwave's penetration tests involved the management interfaces for web application engines such as WebSphere and ColdFusion. Amazingly, in many cases, the management interfaces were accessible directly from the Internet and had little or no password protection.

There is some good news out of this survey. It means that companies will not have to provide expensive fixes to a problem easily and more cheaply solved.

For more on old vulnerabilities:
- see this CIO.com article

Related Articles:
The 10 most terrifying IT breaches of 2009
11 hidden security threats
Cost of data breaches gets higher