At the SecTor security conference in Toronto, Jamie Gamble, security researcher at Accuvant, detailed how old security issues that first surfaced in the 1990s remain security concerns today. Gamble’s talk, titled “The More Things Change: The Vulnerabilities that Time Forgot,” included issues related to trust, networking and system configurations in Windows and Unix machines.
Trust lies at the root of many of Gamble’s vulnerabilities.
“Machines trust each other and because of that you still find interesting vulnerabilities,” Gamble said. “We’re still lousy at network segmentation, VLANs have not solved the problem, and segmenting users from each other is still hard.”
When everything on the network is trusted, unauthorized users get access to items they shouldn’t be allowed to access. VLANs segment a network to a degree, though Gamble argued that most system administrators don’t properly configure for proper role-based access control.