If you aren't yet a Premium subscriber, you missed yesterday's analysis about null passwords and the lack of authentication in network printers and other places online. Go to our Premium page and sign up; subscription plans start at $10/month, with multiple newsletters and corporate plans available. Premium subscribers get an additional Thursday newsletter, usually with a single analysis topic.
Speaking of lacking access credentials, researchers have discovered an XXE (XML external entity injection) vulnerability in HP’s Project and Portfolio Management Center. The application parses XML input and reflects it back to the user without any validation, which an attacker can exploit. HP is aware of the issue but hasn’t yet provided a patch.
In a survey of 600 IT professionals, about two-thirds of users never change their default passwords, and more than 70 percent of respondents regularly use public Wi-Fi for their work tasks. There are other old chestnuts in this Verizon mobile security report that are worth showing to your superiors, if they need reminders.
--David Strom, editor of Inside Security