{"id":2768,"date":"2014-01-08T00:00:00","date_gmt":"2014-01-08T00:00:00","guid":{"rendered":"http:\/\/otava.test\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/"},"modified":"2014-01-08T00:00:00","modified_gmt":"2014-01-08T00:00:00","slug":"human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/","title":{"rendered":"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers"},"content":{"rendered":"

When hackers recently defaced the homepage of OpenSSL.org, administrators initially claimed the attack cam \u201cvia hypervisor through the hosting provider and not via any vulnerability in the OS configuration.\u201d One day later, VMWare defended its ESX Server against the OpenSSL claim and \u2013 one day later \u2013 OpenSSL\u2019s investigation \u201cfound that the attack was made through insecure passwords at the hosting provider.\u201d<\/p>\n

VMWare, which originally claimed \u201cthe defacement is a result of an operational security error,\u201d released an updated statement when OpenSSL updated its advisory to \u201cconfirm that their understanding of the cause of this incident is the same as VMware\u2019s.\u201d<\/p>\n

What\u2019s the lesson here?<\/p>\n

\"\"<\/a>
Aiello<\/figcaption><\/figure>\n

Primarily, says Online Tech Senior Product Architect Steven Aiello, that attackers aren\u2019t interested in taking the hard road to their targets. \u201cHuman error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers,\u201d he said.<\/p>\n

While the OpenSSL hack was harmless \u2013 the Turkish group responsible seemed only interested in bruising OpenSSL\u2019s pride \u2013 that\u2019s not typically the case. Complex criminal organizations are becoming quite effective at making money in cyber space.
\nTake, for instance, researchers at Trustwave finding another Pony botnet controller in December that was overseeing nearly 2 million website logins, email account credentials and FTP, RDP and SSH accounts.<\/p>\n

The account information was mainly for social media accounts like Facebook, Google, Twitter, Yahoo and LinkedIn. But it also included an estimated 8,000 passwords for APD Payroll Services accounts.<\/p>\n

\u201cNo industry is safe,\u201d said Aiello, who spent nine years as a Systems Engineer at ADP. \u201cHaving worked at ADP, I know their security systems and that they spend a LOT of money on security. So what are smaller companies supposed to do for protection?\u201d<\/p>\n

One logical step may be to look for a trusted, secure hosting <\/a>provider for help.<\/p>\n

Another is to get the entire organization to understand the importance of \u2013 and comply with \u2013 security measures. Consider it a New Year\u2019s resolution. And it can start with something as simple as improving password strength<\/a>.<\/p>\n

The Trustwave researchers that discovered the Pony controller took a deep look into the stolen passwords themselves. From an InformationWeek report: \u201cHundreds of thousands of credentials, the researchers said, use only one character type\u2014either numerals or letters\u2014as a password. Most of those are built off the 123456 construct; seven of the top 10 passwords found via the controller started with 123. Password, admin and 111111 round out the top 10.\u201d<\/p>\n

\u201cUsers are still the weakest link in the chain,\u201d Aiello said. \u201cAs much as it pains me to say, internal employees must be viewed as the weakest link. Those who work in IT security are passionate about it, but a human resources employee looking to make the next hire, or the person processing next week\u2019s payroll, they most likely could care less.\u201d<\/p>\n

\n

References:<\/strong>
\nInformationWeek:<\/strong> OpenSSL Says Breach Did Not Involve Corrupted Hypervisor<\/a><\/p>\n

VMWare Security & Compliance Blog:<\/strong> Recent OpenSSL Website Defacement<\/a><\/p>\n

Threatpost.com:<\/strong> Pony Botnet Controller Holds 2 Million Stolen \u2013 and Weak \u2013 Credentials<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

When hackers recently defaced the homepage of OpenSSL.org, administrators initially claimed the attack cam \u201cvia hypervisor through the hosting provider and not via any vulnerability in the OS configuration.\u201d One day later, VMWare defended its ESX Server against the OpenSSL claim and \u2013 one day later \u2013 OpenSSL\u2019s investigation \u201cfound that the attack was made through insecure passwords at the hosting provider.\u201d VMWare, which originally claimed \u201cthe defacement is a result of an operational security error,\u201d released an updated statement when OpenSSL updated its advisory to \u201cconfirm that their understanding of the cause of this incident is the same as VMware\u2019s.\u201d What\u2019s the lesson here? Primarily, says Online Tech Senior Product Architect Steven Aiello, that attackers aren\u2019t interested in taking the hard road to their targets. \u201cHuman error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers,\u201d he said. While the OpenSSL hack was harmless \u2013 the Turkish group responsible seemed only interested in bruising OpenSSL\u2019s pride \u2013 that\u2019s not typically the case. Complex criminal organizations are becoming quite effective at making money in cyber space. Take, for instance, researchers at Trustwave finding another Pony botnet controller in December that was overseeing nearly…<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[59],"tags":[],"other_category":[],"class_list":["post-2768","post","type-post","status-publish","format-standard","hentry","category-information-technology-tips"],"acf":[],"yoast_head":"\nHuman error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers | OTAVA<\/title>\n<meta name=\"description\" content=\"Human error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers\" \/>\n<meta property=\"og:description\" content=\"Human error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" content=\"2014-01-08T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers\",\"datePublished\":\"2014-01-08T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/\"},\"wordCount\":521,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg\",\"articleSection\":[\"Information Technology Tips\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/\",\"url\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/\",\"name\":\"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg\",\"datePublished\":\"2014-01-08T00:00:00+00:00\",\"description\":\"Human error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage\",\"url\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg\",\"contentUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers | OTAVA","description":"Human error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/","og_locale":"en_US","og_type":"article","og_title":"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers","og_description":"Human error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers.","og_url":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/","og_site_name":"OTAVA","article_published_time":"2014-01-08T00:00:00+00:00","og_image":[{"url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg","type":"","width":"","height":""}],"author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers","datePublished":"2014-01-08T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/"},"wordCount":521,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"image":{"@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg","articleSection":["Information Technology Tips"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/","url":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/","name":"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers | OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage"},"image":{"@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage"},"thumbnailUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg","datePublished":"2014-01-08T00:00:00+00:00","description":"Human error, weak passwords and OS misconfigurations from inexperienced administrators are still the most vulnerable targets for hackers.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#primaryimage","url":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg","contentUrl":"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Aiello.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/human-error-weak-passwords-and-os-misconfigurations-still-the-most-vulnerable-targets-for-hackers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"Human error, weak passwords and OS misconfigurations still the most vulnerable targets for hackers"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2768","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=2768"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/2768\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=2768"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=2768"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=2768"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=2768"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}