Security Street Knowledge
  • Nothing but NET!
  • Pass Policy…

    Over Regulations…

    Through Vulnerabilities…

    Nothing but NETwork!

    As I sit here watching the 2011 NBA Slam Dunk contest, I can’t figure out which story on Monday will be better.  Blake Griffin jumping over a car for a slam dunk OR HBGary getting hacked by the WikiLeaks Supporter group called ‘Anonymous’.  Like others have said, “it is hard not to like Anonymous”.

     

    ——————————————————————————-

    What is really sad is that for many years there have been conspiracy theories about secret quasi-government contract companies like HBGary. Rarely in our lifetime do we see it unfold before our very eyes with irrefutable evidence. What makes this story so special is that HBGary (a security firm) did not follow the same advice they give to their own clients as it relates to standard security practices. I will get back to the “How HBGary got Hacked” part but let me say this first. We security analysts, consultants, engineers, managers and even privacy advocates have been preaching the same thing over and over by saying:

    • “use complex password / frequently change”

    • “patch that so-called critical system” – maybe that’s why it keeps crashing FOOL!

    • “don’t use the same password for your personal twitter account that you use for your company Admin access” – DUMMY!

    • “Stop browsing the Internet from your server, especially since you are so afraid to update your IE browser to the latest version” – Mr. Fandango Movie Surfer!

    • “It doesn’t matter if you passed your Audit” –  WHO CARES? HACKERS DON’T

    • “Stop! Don’t spend any more money until you fix the problem from 3 years ago, which can be done with the Interns you already have…” – FOR FREE!

    OK, back to the HBGary story. I do not condone breaking the law, but Anonymous is teaching us all a good lesson. The lesson we should learn is that corporations have lost their way. By that I mean supposedly ‘good-guys’ using ‘bad-guy’ tactics in place of good old-fashioned Defense-in-Depth security. Instead, HBGary had proposed (indirectly to Bank of America) to go after reporter Glenn Greenwald, Anonymous and WikiLeaks by leaking fake documents and fraudulently creating fake friends on social media sites. All this to gain favor for getting government security contracts. As it unfolds, “Anonymous took down HBGary’s website, stole their e-mails, deleted the company’s backup data, trashed the CEO’s Twitter account and remotely wiped his iPad.” NOTHING BUT NET!

     

    WATCH: The Colbert Report on HBGary hacked by Anonymous


    So I guess the whole point of this post is, unless we do basic security 101, Superstars will continue to SLAM DUNK!

