Friday, July 18, 2014

Better safe than rich

“I'm talking about liquid. Rich enough to have your own jet. A player. Or nothing.” Gordon Gekko, the wolf of finance, was so clear when talking to his pupil, Bud Fox, in the memorable limo scene from 'Wall Street' (1987).

Almost 30 years later, if a security expert took the role of Bud Fox, he could answer Mr. Gekko that before becoming a player, he had better think "protected or nothing." An expert such as Pierluigi Paganini, editor of the Security Affairs blog, describes in one of his latest posts the attack carried out by some Russian criminals against Nasdaq, aimed at knocking down the global economy. This operation took place in 2010... so imagine all the things they must have tried in the past four years.

A huge attack like this is almost as creepy as Gekko’s lack of scruples, right? But even more bloodcurdling is the interview published by Eric Knorr at InfoWorld, in which an anonymous source speaks about his experience at several specialized companies. For example, he took on a pentesting job related to an advanced persistent threat (APT) and discovered that the attackers had taken valuable information: the information about vulnerabilities of all the company’s customers, which were part of the prestigious Fortune 500.

Google, which can be considered the "Gordon Gekko of the Internet", has already been working for a while to stop cybercriminals. Its latest proposal, which we told you about yesterday, is Project Zero. Today TicBeat gives us some more details about what this zero-day research team is and who its members are. One of them is making headlines: George Hotz, aka geohot, who became known as "the PlayStation 3 and iPhone hacker." This is a person whom Gordon Gekko would certainly not invite to his table... Well, it’s up to him. Times change. Remember, "protected or nothing."

A recent survey reveals again that many of the world's Gekkos are rather laymen on this subject. Executives of large companies listen to their security teams very little, or at least this is how these teams feel. At least the tech companies are doing their job so that security breaches are not their fault: the latest patch released by Microsoft gives Windows administrators new tools to deal with the dangerous pass-the-hash attack, which amounts to asking: why enter a password when the system has already entered it on your behalf?

If these stories scare you to death, you must know you are not the only one. Thousands of professionals work every day to anticipate problems or to mitigate them. And we tell you everything here on the CIGTR blog. Your votes, your support in sharing our posts and your feedback to help us improve, whether you choose to leave it here or on our social networks, are crucial for us. Happy weekend!

Source of the image: YouTube.

