Well it seems to me that this is a wake up call to ANY AND ALL major backbone corporations.
Its time to rethink security.
There never will be any policing the internet at least not effectively, the only great policing we have for our networks is to block large portions or even entire countries from accessing networks at backbone levels. and even then this is simple for anyone to get around. Internet2 is just flat out designed wrong and provides central points of failure from the exact same kind of corporations that have just been attacked. These attacks from the chinese government on cybersitter, google, adobe and all the others is a major wake up call. The sophistication of these attacks is much beyond the target a server and scan the ip for vulnerabilities The attackers knew what operating system, and what browser version the computer they was attacking, the email was crafted to that person and was able to get them to a: click a link, b: exploit the vulnerability or c: get them to open a file attachment that has the payload and attack. The emails also appeared to be from coworkers i do believe. With attacks this targeted, I want you to stop and think, if you run a large corporation with thousands of employees each with their own email address, their own computer, a vpn connection from their home to your network. Everything being a gateway to your data and just about everything else in your company. This leaves you as vulnerable as the security of each individual employee. Every company should have a very strong security policy for both technical level and the workplace. While these attacks are very sophisticated attacks, that does not mean they are hard to pull off.
China and these other places cannot be allowed to condone business this way in stealing information The fact of the matter is, most of the botnets you hear about on the news are 80% asian computers. and the reason those numbers are so high is because the economy there cannot afford better computers, so they are stuck with some very old insecure computers usually running pirated versions of windows. or old 486`s running linux in these tiny datacenters all over the place. i remember back in the day when hacking was in the scan and hack days when people targeted the 211.x.x.x range(korea and whatnot) because it had more insecure networks than any other range on the internet, and still leads true to this day judging by all the recent ddos attacks i have had the fun experience of trying to stop this year working for various places. So basicly what im getting at is china the u.s and major corporations and other big entities have placed themselves in a position to where there entire infrastructure can be compromised by only a handful of people. Do we really want this out of our leaders? Google has the biggest database on everything in the world, Adobe controls software installed on a very very large portion of the internets computers(shockwave flash). Oracle they make database software not really to sure why they was attacked only thing that comes to mind would be the fact they can stream updates to every company that uses there database software(that number is massive) and posibly allow remote attackers to grab any database from any company receiving the updates or possibly stream a trojan with the update and have full access. There are more companies that was attacked these companies need to come forward and let people know what these attackers are after, what is in place to protect it?. Till that happens it is impossible for other companies to harden there own security policy.
Ill be fighting to legalize freedom tell the day I die.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment