
27.12.10

Cyber Security Sucks

Warning, rant ahead:

For several years, as I have learned more and more about how computers, networks, and policy are interrelated, I have felt security in these areas is actually getting weaker. I listen to people just blame security issues on Bill Gates and think they are immune because they can bash a vendor. This seems to be happening by over-governing some aspects, underfunding, and hiring of absolutely the wrong people. Today I saw a couple of blog posts that should let you know exactly how bad it is out there.

First, consider this from TaoSecurity. If you don't believe that is our stolen technology staring you in the face, it is. APT is a really hip buzzword, but it's real and you better figure out what it is and where it is on your networks. I know a couple of govie orgs suffering from this right now, but they are too arrogant to think it could happen to them, so it will remain on their networks until... well, probably a while.

Saving the best for last, I read about the carders.cc job. No, I didn't read the 900 cut-and-paste opinions on it, I read it from the d00dz who did it. Are you still confident about your security, wanting to trust your users, wanting to trust some 1337 guy you hired? Read this e-zine from the 0wned and Exp0sed crew. If that doesn't make you realize we all suck at security, I don't know what will.

I am not at all saying we, or anyone mentioned, is stupid. I am stating that the enforcement of the status quo must stop. We all need to learn more, do more, and weed out the lameness. Note in the zine that if you have used (installed) ettercap in the last five years, you might want to check your "shit." Do you know how many of us use that? ALL OF US!! That sucks! These people went after several high-profile, well-respected security pros and their websites, and 0wned them at will. If you think you're immune, please share your awesomeness with the rest of us, because this should make you realize how bad the state of security is. What this group did is wrong, but things like this need to happen in order to get things moving in the right direction.
