BreachExchange mailing list archives
Employee incompetence is a hacker's best friend
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 10 Mar 2011 02:08:12 -0500
http://www.infoworld.com/t/misadventures/employee-incompetence-hackers-best-friend-819

Tech stories of data vulnerabilities caused by incompetence and overlooked details by executives, IT managers, or admins

Security breaches -- they're an IT issue that's difficult to prevent completely, but even harder when the threats develop from the inside, whether it's hardware stolen by dishonest employees or data loss caused by oversight within the ranks.

How does a techie deal with security issues effectively when executives, IT managers, or fellow admins don't take the necessary precautions? Bureaucracy and incompetence make for tricky situations.

Here are a handful of stories from the Off the Record archives that are written by tech pros about their memorable experiences dealing with security vulnerabilities that could have been prevented. Security technology and procedures may change, but handling users' security misunderstandings or oversights does not.

"Steal my data, please." A university's server gets hacked, all because the boss was too scared to install a firewall.

"An IT contractor discovers too much company information." Just days into a short-term contracting job, a techie unearths a surprising security risk -- and exposes the network admin's misplaced priorities.

Take an open network, add file sharing, and you have a security hole big enough for a battleship -- and a reminder of why it's important to let technical people set technical policies.

"My unnatural disaster." Who needs malicious hackers when you have admins like this?

"Danger inside the firewall." That nice, new wireless router the auditors brought in might as well have been a ticking bomb.

"Why trouble employees with passwords?" Job title: Manager of network security. Instructions: Could not require anyone to have passwords, because it was asking too much to make people remember them. What could go wrong?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/