Monday, December 12, 2016

"Soul of a jug"

Today, one year ago...

If you call someone “alma de cántaro” in Spanish, you mean something like “soul of a jug” or pinhead: a fool whom people easily make fun of. The stories that happened a year ago star people who were too innocent. It’s good to remember them and not repeat what they did. Otherwise, you will have to learn the lesson the hard way.

The first testimony is about a white hat hacker who had been to The Phone House at a Media Markt in the Netherlands to buy a new smartphone and discovered some naive souls along the way. First, the hacker was surprised to see a piece of paper pasted on the computer screen, visible to all visitors, with the password on it: “media321”. Ok, we can accept that your password is obvious and easily hackable, but please, please, please, do not write it down on a post-it on the monitor, in front of everybody!

The funny thing here is that the shop assistant even joked with the hacker about how innocent and irresponsible that action was… Five minutes later, the customer was stunned to see the seller open an Excel file, hosted on Google Drive, with all the customers’ passwords to Vodafone, KPN, Telfort, T-Mobile, UPC and Tele-2.

On that occasion, he couldn’t take a picture as proof, because he didn’t have a phone, but weeks later he came back to the same store and repeated the process with another seller, who did exactly the same as his predecessor. In the end, the hacker decided to write to the company to warn them of the danger of all these vulnerabilities. The company’s response was to deny the facts, and it didn’t correct any of the mistakes. If you want to know how the story continues, we recommend that you keep reading the hacker’s blog: Sijmen Ruwhof.

365 days ago we came across another naive soul, a pinhead: The Guardian. Black hat hackers infected an article entitled “Is cybercrime out of control?”. They used the Angler exploit, taking advantage of the holes in Java, Flash and several browsers. They introduced ransomware into the computers of visitors who hadn’t updated to the latest versions.

We finish our review of last year with the story of an employee of the financial company Morgan Stanley. He had taken information related to 350,000 clients, something that is totally illegal. But the worst part comes now: he claimed that he had been hacked and the information had been stolen. He was the first person to blame. If this was true, he was another naive soul. What is sure is that companies should train their employees on basic cybersecurity guidelines.

How are we not going to be hacked! “Almas de cántaro”, “Souls of pitchers”, "Pinheads". It seems that we have it written on our foreheads with a marker: “Steal my passwords, please, it is 12345678”.

Picture: Painting by Isabel Guerra 

