The Register reveals a Bug in SAP recruiting software

Bugs, they are plentiful at the moment. The Register today highlights the case where it’s possible to spoof your way into the system. It’s now fixed if you apply the note mentioned in the article.

But the alternative use of this bug described in the article amused me: the concept of using the opening to register staff so they couldn’t apply to your competitors’ advertised jobs.


So exactly what is safe these days?

There’s a story in the Register that talks about a risk in SAP’s point of sale software. Even the biggest software suppliers are falling victim to flaws and exploits – so what can you do to lessen the risks in this dangerous digital world? The first thing to say is that things are as safe as the way you behave. Think of this as a war. You need to construct your defence, so think like a castle. You should have a layered defence: moats, walls, gates that you open to control who comes in, and the crown jewels kept safe in the keep at the centre.

So think firewalls, think patches for each of your layers, and for your PII data, expose only what needs to be available, on a need-to-know basis. And this is a never-ending activity, because as fast as you build up your fortifications, someone somewhere will be digging that tunnel or designing that battering ram.

So keep up to date, stay vigilant and never, never become complacent.