Wednesday, April 20, 2016

Exploring CERT's Vulnerability Database and User Responsibility



CERT? What is That?

The CERT Division is part of Carnegie Mellon University's Software Engineering Institute.

The CERT Division focuses on studying and solving problems with widespread cybersecurity implications. They do this through research, working with organizations, developing new technology, publishing related blog posts, and providing training on topics such as Incident Handling, Network and Software Security, and Risk Assessment and Insider Threats.




Who is Responsible?

As is commonly discussed throughout any cybersecurity course, cybersecurity starts with the user. The information CERT provides makes it very clear that this is accurate, and CERT provides users with tools and services to help them stay secure.

This post will discuss one such service: CERT's Vulnerability Notes Database.


Although users have limited or no control over the precautions a developer takes when making an item, whether software or hardware, they do have control over whether they use it and how they use it. Scanning through the vulnerability database CERT provides, and the National Vulnerability Database (NIST) it links to, is a good way to stay informed about any security flaws that may affect them.

Although it might be tempting to deem such precautions insignificant for a single individual, that would be a grave mistake. The vulnerability report shown will make the reasoning clear.

Vulnerability Note VU#981271: Multiple wireless keyboard/mouse devices use an unsafe proprietary wireless protocol.



In today's world, almost everything is done online, and it requires a user to submit a lot of sensitive private information such as credit card and social security numbers. Most of the time, this information is submitted using a keyboard and mouse on the computer, and sometimes using wireless versions of these devices.

All information submitted first passes through these devices. If they are not secure, all of that information is at risk. This is something people need to be aware of, so they can take the proper precautions: either use a different device or follow the advice in the database to secure their devices.

For users who have discovered vulnerabilities themselves and have reached out to developers and producers about them without success, CERT encourages the submission of such vulnerabilities to its database, at which point it will work with vendors on how best to manage them.

Keep CERT's Vulnerability Database and other services in mind as you go about your online activities, because remember:


Image of Detective Shadow saying "Vigilance Begins With You"
Source: U.S. Army
