They are there. Be Afraid. They can be anywhere around the world. They are shadowy, murderous, mysterious in this vast and cool and unsympathetic. Security consultants and anti-virus firms whisper legends of its clients, to scare them straight. They are Voldemorta online security, except that everyone is all too say its name: Advanced persistent threat. Hide your children! You can't stop them!
... Well, actually you probably could pretty easily too, but apparently most people can't be bothered.
Vanity Fair just breathlessly approached wrote about "operation shady rat", "type of malware that has never seen before: spear Phishing e-mail contains a link to a Web page that, when clicked, automatically loads a malicious program is a remote access tool, or rat on the computer of the victim." Military industry standard-bearer Northrop Grumman is constantly under attack by Cyber gangs. "a few months ago, security firm RSA SecurID became victims of" Advanced persistent threatsslowly and consistently attack used by hackers to obtain specific information, "Pentagon alive APT threat and said that it is starting to pay more attention to deterrence than defence spending, because" every year, the amount of intellectual property, exceeds the size of the library of Congress had been stolen from the Government of the United States and the private network. "why, just this week, San Francisco State systems of Bart was hacked —
… waaaaaait per minute.
One never can be sure, particularly in the field, but it seems that Bart police database was hacked ... a French girl, who said: "they have zero security." Here is the link, it was used to hack them. Don't worry, it is no longer active. A good look at this URL. Remind you of anything? It should, if you're a reader of XKCD:
Oh SQL injection that old duck. But wait, it gets even worse:
Seriously? Seriously? Plain text? Who manages security for these jokers, Mr. Bean?
Okay so that it is possible to hack the script kiddie, Barth was enabled by morons. But what about the "Shady rat"? So glad you asked. Vanity Fair of hyperbole makes it sound like no one in the history of the Internet never sent the letter associated with a page with a browser vulnerability. The land of their editors: you're about a decade and a half behind the times. The attacker then used steganography to communicate with the compromised computers. Ltd., steganography, scary and difficult to pronounce! Of course, this might surprisingly sophisticated … ten years ago.
RSA hack worked in exactly the same: letters to employees with enticing investment, as well as vulnerability Flash zero-day. And media tech went crazy about the deadly APT attack on a security company. Are you kidding me? This is an example of "Advanced persistent threats"? Adobe products are legendary for their security. If this is APT, because it was News corporations kindergarten tech story tampering of cellular phones.
But don't just take my word for it: "this attack is described in the shady rat truly advanced persistent threat? I would argue that this is not the case, especially if you find errors in configuring servers and relatively non-sophisticated malicious programs and methods used in this case, "said Symantec security researcher Hon LAU. The world or how it sarcastically, re APT attacks in General: "the striking thing is the sophistication of the justification of the victims, not techniques crackers … Only 3% of the attacks were seen as too slick for victims failed to stop. This leaves 97 per cent of the victims of violations, trying to find something other than themselves to blame. “
There is a genuine, complex, brilliant black hat hackers out there. Some of them work in groups. Some even work for the State and the armed forces, including the most likely people who hacked Google eighteen months ago. But most of the hacks was made possible because the victims allowed them; and we must not forget that the security companies have every temptation to make the risk seems to be as deadly and complex as you can.
Organizations around the world to put up a full range of firewalls, Byzantine and Kafkaesque security policy, to send delegates to conferences security very seriously talking in hushed voices about the apartment, and have endless pointless and/or catastrophically counterproductive for security Theatre, such as forcing people to use it is impossible to remember passwords
If you store these incomprehensible plaintext passwords database URL is vulnerable to SQL injection as their staff open poisoned attachments sent by strangers. It's like to be very worried about whether the enemy fired a cruise missile in your House that you forget you leave your car parked overnight with the door open and the ignition key. In Auckland. Worry about apartments, directed by, say, China is very sexy — if blatantly sinophobic — these days, but may not have to start worrying about the enmity of the Middle Kingdom, until they first established their ability to handle boring French teenage girls with a bone to pick.
Image credit: public enemy/Minor Threat ", believekevin, Flickr.
No comments:
Post a Comment