BreachExchange mailing list archives
2010's biggest security SNAFUs
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sun, 5 Dec 2010 14:36:16 -0500
http://www.networkworld.com/news/2010/120210-security-snafus.html

That old phrase SNAFU ("Situation Normal, All F---ked Up!") certainly describes our choices for 2010's top 10 security screw-ups. Not surprisingly some of the biggest names in technology – Google, Cisco, McAfee, AT&T – are prominent on the list, either because they're obvious hacker targets or because whenever they make a security mistake, it's big news. Without further ado, the list:

Aurora attacks on Google. In what's come to be called the "Aurora attacks," Google in January acknowledges valuable intellectual property was stolen via a network break-in during that past December, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government says it doesn't know what they're talking about. Outraged over the cyber-intrusion, Google, which had been adhering to Chinese dictates regarding search-engine censorship, says it will defy them, putting its search-engine license in China in jeopardy. But by year-end, under Chinese pressure, Google abandons its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site and its renewed China license requires censorship.

China ISP takes Internet for a ride. A small Chinese ISP called IDC China Telecommunication briefly hijacked the Internet by sending out wrong routing data, which was re-transmitted by state-owned China Telecommunications, affecting service providers around the world. The event was noted in the "2010 U.S.-China Economic and Security Review" commission report presented this November to Congress, which pointed out for 18 minutes on April 8, China Telecom rerouted 15% of the Internet's traffic through Chinese servers, affecting U.S. government and military Web sites. Widely reported, media attention raised the question of whether China was somehow testing a cyberattack capability, but China Telecom rejected those claims, calling the April traffic re-direction an accident.

McAfee's oopsie. McAfee goofs up by issuing a faulty anti-virus update — the now-infamous McAfee DAT file 5958 — which wreaked havoc on PCs of countless McAfee customers by causing malfunctions like the Microsoft 'Blue Screen of Death' and creating the effect of a denial-of-service. With CEO and President Dave DeWalt apologizing profusely, McAfee worked to rush out various fixes for the SNAFU it had caused by mistake, but some irate McAfee customers felt it all could have been done better.

Showtime for Cisco. Not the biggest data breach to be sure, but embarrassing for a networking company that wants the world to consider it a leader in security, having the sales to show for it -- and that's Cisco. Someone hacked into the list of attendees for the Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group with dealings with the company. Though Cisco prefers to keep mum on some details, it appears a vendor told Cisco that someone had made "an unexpected attempt to access attendee information through ciscolive2010.com," the event site. Cisco said the breach was closed quickly, "but not before some conference listings were accessed." The compromised information consisted of Cisco Live badge numbers, names, title, company addresses and e-mail addresses. Cisco apologized by e-mail to both attendees and those who were invited but didn't attend.

[..]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list