
03 Dec 2019

VNC Client and Server Software Vulnerabilities Found

The Hacker News reports that dozens of new VNC client and server vulnerabilities have been found in the open source versions of the tools used by IT departments all over the world. If you are like me and think “VNC, who uses that any more?” then you should go check out a YouTube video by Tobias Mädel where he connects to open VNC servers all over the internet. Sure, the video is from 2015, but when you think about how quickly industrial plant management software and device firmware are updated, you can bet money that there are plenty of open VNC servers still running and accessible.

The moral of the story? Don’t expose critical systems and services (like RDP and VNC) over the internet unless it is absolutely essential. If it is essential, and you can’t put them behind a VPN, then you had better use a very strong and complex password to secure the access. Even with a VPN you should do that. Lastly, you need to make sure you and any vendor you are purchasing software and devices from have a strong policy of pushing out updates anytime a vulnerability is found. You can’t afford to wait five years for an update when your chemical plant control system is left completely exposed on the internet through remote access software flaws.

27 Mar 2019

Your Customers Don’t Care About Your Vendors

Sabre Airline Solutions suffered a major outage this morning, and the media quickly jumped all over it, trying to figure out what happened and why. I’m not here to talk about why the system went down or why the company didn’t do more to prevent this type of situation. As an interesting aside, I actually worked for a company a long time ago that became part of Sabre, but that is a story for another time.

Anyway, the point of this post is to remind companies that your customers couldn’t care less about who your vendors are, and they don’t care that it is your vendor’s system that caused the problem. As a service provider, you must own the issue. The problem is yours, and you can’t pass the buck to some vendor that no one knows about or has any reason to care about. When you enter into a contract with a vendor, your organization assumes all of the strengths and weaknesses they bring to the table. Their faults are your faults and their accomplishments are your accomplishments. If you aren’t willing to agree to the terms of this marriage, then you’d better never sign the contract to begin with, because it will not end well.

So to recap:

  1. Never pass the buck and blame your vendors in front of your customer; the issue is yours.
  2. If you aren’t willing to own your vendor’s faults then you shouldn’t be entering into a relationship with them.
  3. Your customers don’t care that you have vendors. They care about the service YOU provide. For them your vendors = you.