Wednesday, August 28, 2013

Security Industry is Fundamentally Flawed - NYTimes, Twitter hacked via DNS

Yesterday, the DNS records of The New York Times and Twitter were hacked by Syrian hackers loyal to President Assad's regime. A phishing attack against the DNS registrar Melbourne IT was used, in which an unwitting employee downloaded an email with a Trojan that stole his credentials.
What's interesting is that the Melbourne registry appears to have been fairly careless about its security: the XSSed database lists several cross-site scripting vulnerabilities reported against it that haven't been fixed for two years.
This is yet more proof that the security product industry is fundamentally flawed: it's focusing on the wrong things. Security awareness should be at the top of the agenda for all companies, instead of investing millions of dollars in useless vulnerability scanners. Second, companies focus on protecting themselves, but they don't enforce any security standards on the third parties they deal with.
More information is in a Huffington Post article in which I was quoted:

Such an attack happens often and is not very sophisticated, experts say. "What they did was pretty simplistic," said Aleksandr Yampolskiy, a security expert and chief technology officer at Cinchcast, a webcasting provider. "But what’s scary is if they were smarter they could have done more damage."
For example, the hackers could have redirected visitors to The New York Times to another website that installed malicious software on users' computers, Yampolskiy said.
http://www.huffingtonpost.com/2013/08/28/melbourne-it-hacker_n_3829593.html

10 comments:

I read an article under the same title some time ago, but this article's quality is much, much better. How do you do this?
BOP spare parts

Dear Author,

I have just followed your blog on "Software Activities", which I understood. I took more advantage from your blog. Really, I loved your blog. The second category - which this content is all about - is known as free software. Freeware is a program that is both 100% free and absolutely lawful to obtain. It is often designed as a hobby, by a developer who doesn't need (or doesn't want) to cost for it. Sometimes it is even designed by a whole team of individuals, as with Mozilla, creators of the fabulous Firefox internet browser, Open Workplace and many other wonderful Raid data recovery.

Thanks. Go ahead.

Sometimes legal documents are most valuable, but sometimes these documents are just pieces of paper. The same goes for a degree, which has great value for the person who earned it, but the same degree has zero value when its achiever has died. It means everything has a value in its time, and with the passage of time it becomes zero. Brilliant students explore their knowledge by writing good papers, and if you are poor in writing then choose custom essay writing service from our source.

Awesome post! Obviously it is something rare to read and specific things are being mentioned here. More details can be accessed through search engines. Good luck! Product Evaluations

Click the above link and visit the website. This website provides mobile apps, mobile wallets and many other services. For more information visit the above website.

Great great! In the end I got a weblog from where I am able to in fact take useful data regarding my study and knowledge. These types of articles keep the users' interest in the website, and keep on sharing more!

Overall your article is very good, but I will suggest you please make an SEO-friendly title for your next post!!!!
Commodity Tips

We people are different from each other not because of our religion or race but by our choices and the decisions we make. goa family packages
