scoobtubecom Jun 12, 2011
Maybe society should consider paying IT staff a bit more in terms of salary and respect, and this might keep them on the "right side" of the fence instead of getting angry, frustrated and drifting over to the dark side!
08sti Jun 12, 2011
lol. I don't know about you, but generally IT people aren't capable of securing a company against those types of threats. Information security guys, network engineers and systems engineers, maybe.
brilo1 Jun 12, 2011
Router/Firewall disconnect. Go to town sniffing on your network and find your issues. Hammer the hell out of your network and then close all ports that you can. Talk to ISP and get a new IP address. Difficult but not impossible.
Now if your company is using some person from accounting because they know the most about computers and stuff... good luck.
johnnysoftware Jun 12, 2011
Maybe there should be a license required to be allowed to store individuals' private data like account numbers, social security number, date of birth, gender, age, medical info, deadly allergies, domicile address, personal phone numbers, etc.
If you lose everybody's data, you lose your license. You can't get more data. And to get it in the first place, you can't just say, "I am using the same software as everyone else [that gets hacked]". You have to prove it is very unlikely you will get hacked, and no "As for effort".
If this storing of sensitive, personal, confidential, and criminally exploitable data was treated as a hard-won, easily lost privilege - I am sure a lot of corporations and agencies would take it a lot more easily.
They would have something to lose. And for starters, it would probably be their job. Which makes everybody serious and smart, if they're not in on the theft/loss.
OberynMartell Jun 12, 2011
Yeah, the closest thing I'm aware of to this is the PCI-DSS standards that cover the credit and debit cards payments type information, like with merchants and so on.
As far as I know (correct me if I'm wrong, it's been a while since I have looked at that stuff), PCI is not currently mandated into a federal law type thing, which maybe it should be, along with what you are proposing with licenses for all the other types of info that you listed.
I've only done some small reading about the why it's not and what have you, but I also saw that some states have done this at their level to force compliance and into getting it made a federal law.
So yeah, I definitely agree wholeheartedly that it needs to be treated like a hard-won, easily lost privilege like you say, because the storing of the info is the rule and not the exception nowadays.
johnnysoftware Jun 13, 2011
Well, the problem is that one of the biggest credit card verification services around had the industry's PCI standard certification. They still got hacked, millions of people's credit card credentials still got stolen.
So, several months after the hack occurred and was made public, the PCI standards retroactively removed the certification. The certification was trying to protect its brand name.
Obviously, following the standard is not enough. Vendors are already good at putting their hands in their pocket and saying, "I followed the standard" or "I did what everyone else is doing".
Apparently, the standard these days is to get hacked.
Having a license that could be taken away would put the onus on companies to be creative and diligent about not getting their customer data stolen. We need to get companies on a footing where they are going, "man, I REALLY don't want my customers' data to get STOLEN" instead of "oh, well".
At this point, things are building up to a chain reaction. So literally, someone has to drop the control rods in before we find ourselves in a data theft/corruption meltdown.
cupidspeaks Jun 13, 2011
lovely
ilcanislupus07 Jun 13, 2011
I am starting to believe that all these claims of cyber attacks at major corporations are just a hoax or a corporate conspiracy. Either they are extremely incompetent or these alleged hacks are being used to cover something else up.
laurahouston Jun 13, 2011
Probably should give a polygraph to all their management and all employees who have access to the personal info of their customers. Make sure they aren't pilfering first.
If all these companies stopped storing customers' information, tracking info and credit info... there would not be this problem in the first place!
bizandlegis Jun 13, 2011
Go for a search on Cyber Legal Services
marcglez Jun 13, 2011
An attack may appear to come from a particular computer, but this does not mean the attack originated at that device. Often a string of proxies located in different countries are used in an attack, "Complicating the forensic process."
emptybuddha Jun 13, 2011
Nothing really new here... "Spoofing" an IP address is not the same as a "virtual private network that connects to a proxy server before connecting him to the Internet"
johnnysoftware Jun 12, 2011
There is a book named Takedown that describes how one very pissed off computer security researcher personally went and tracked down a computer hacker to the opposite side of the US.
I think he was using a cell phone at the time, which is how they actually physically ran him down. But even then we were using the same Internet as back then. Same protocols pretty much.
There were a bunch of public news articles a dozen years or so ago about a US agency who, through a commercial spin-off, bought a successful anonymous proxy server and offered it for use worldwide.
So, unless it takes a dozen years to consider the ramifications of a product/service you bought and offer being used as directed - hard to feel like this caught anyone off guard.
Anyway, this anonymous proxy server thing is not new at all. I think any surprises over it would have ended during the "due diligence" and "PR" phases.
The US public needs to be more computer literate and read/remember the news if it wants to compete in this global computerized economy.
From reading about the capture of the computer criminals, I get the impression Americans in charge of LANs and servers have not embraced the idea of securing them when the data held is Other People's Data. Likewise, it is very easy for someone to come to the US, buy a laptop, and steal Americans' data. Then, it's gone to the wind.
If the finance and retail industry would give more than passing attention to the technology they switched to in order to save money, then maybe they would lose less data.
One thing that would help security a lot and foil criminals is to throttle back or block computers running operating systems that fuel large numbers of very large zombie computers. This would basically be an immune response. If we do not do that, then we have a computing/networking infrastructure that exactly mimics a human body that has been compromised by AIDS.
And so we do, at the moment. Our computing infrastructure has AIDS. It's not at risk of getting attacked in the future: it has AIDS now.
brendakwang Jun 13, 2011
I f*cking ♡ hackers so f*cking much.
seojoint Jun 12, 2011
nice read