by kryogen1c
2555 days ago
>5,406 unresolved SPLs—about 86 percent of which were rated high or critical

>JPL did not effectively address a known software vulnerability, first identified in 2017, with a critical score of 10. This software flaw can be used by cyberattackers to remotely execute malicious code

>one of the projects has a waiver of JPL IT security requirements to change passwords every 90 days. Instead, the project relies on a designated application and team accounts to share password files, group files, host tables, and other files over the network

There seems to be a fair amount of filler in the report (review access logs, out-of-date inventory, etc.) but these points seem pretty damning.
|
I bet someone could fire up a SATAN scanning instance with a Mosaic browser and find some open stuff on some of those old and crusty computers. :)