Reference : Network Attacks and Exploitation by Matthew Monte
Mistakes:
Fail Open: Fail to remove a user, leaving an avenue for unauthorised access.
Fail Secure: Fail to add a user.
For security, the trick is to minimize the number of potential systems and processes that fail open and to develop a response plan for those that remain.
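The two failure modes above, as an added example (not from Monte's book): an authorization check that fails open when its user directory is unreachable, beside the fail-secure version, plus a positive-result cache that lets a removed user linger. All names (`UserDirectory`, `CachedAccessCheck`, the users "alice", "bob" and "carol") are constructed for the example.

```python
"""Added example: fail-open vs fail-secure access checks, and a cache that
fails to remove a user. All data and names here are constructed."""
from dataclasses import dataclass, field


class DirectoryUnavailable(Exception):
    """Raised when the user directory cannot be reached (constructed failure)."""


@dataclass
class UserDirectory:
    """Minimal stand-in for an identity store (constructed sample data)."""
    active_users: set = field(default_factory=lambda: {"alice", "bob"})
    available: bool = True

    def is_active(self, username: str) -> bool:
        if not self.available:
            raise DirectoryUnavailable("directory lookup failed")
        return username in self.active_users

    def remove(self, username: str) -> None:
        self.active_users.discard(username)


def check_access_fail_open(directory: UserDirectory, username: str) -> bool:
    """Mistake: an unreachable directory is treated as 'no reason to deny'."""
    try:
        return directory.is_active(username)
    except DirectoryUnavailable:
        return True  # the outage silently grants access to anyone


def check_access_fail_secure(directory: UserDirectory, username: str) -> bool:
    """Default to denial: an outage blocks users but never admits an unknown one."""
    try:
        return directory.is_active(username)
    except DirectoryUnavailable:
        return False


def outcomes_after_outage(username: str = "carol") -> dict:
    """Compare both policies for a user who is NOT in the directory during an outage."""
    directory = UserDirectory(available=False)
    return {
        "fail_open": check_access_fail_open(directory, username),
        "fail_secure": check_access_fail_secure(directory, username),
    }


class CachedAccessCheck:
    """A cache that remembers only 'yes' answers: the usual way a removed user
    keeps access until someone explicitly revokes the cached entry."""

    def __init__(self, directory: UserDirectory):
        self.directory = directory
        self.cache: dict = {}

    def allowed(self, username: str) -> bool:
        if username in self.cache:
            return self.cache[username]
        result = self.directory.is_active(username)
        if result:
            self.cache[username] = True
        return result

    def revoke(self, username: str) -> None:
        """The response step: remove the stale grant once the user is gone."""
        self.cache.pop(username, None)


def removed_user_outcomes(username: str = "bob") -> dict:
    """Show the 'fail to remove a user' mistake and the fix."""
    directory = UserDirectory()
    checker = CachedAccessCheck(directory)
    first = checker.allowed(username)          # True, and now cached
    directory.remove(username)                 # user removed from the source of truth
    lingering = checker.allowed(username)      # still True: the cache failed open
    checker.revoke(username)
    after_revoke = checker.allowed(username)   # False: directory consulted again
    return {"before_removal": first, "lingering": lingering, "after_revoke": after_revoke}


if __name__ == "__main__":
    print(outcomes_after_outage())
    print(removed_user_outcomes())
```

The point of the second half is the response plan mentioned above: the cache is a process that fails open by design, so offboarding has to include revoking it, not just deleting the directory entry.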
Flawed Software:
Arises from mistakes: in the overall design, in the structure, or by omission.
Inertia:
It requires force to change, where force is the resources and motivation to change plus the knowledge needed to do it.
The Security Community:
In finding flaws and fixing them, the security community can paradoxically make the Attacker's job easier. Patch released -> analyze the patch -> attack before IT updates the systems.
Complexity:
A complex program or structure is hard to fix, to detect flaws in, to analyze, and to implement.
Users:
Hard to deal with people who do not know about IT.
Bad Luck:
yeet