Article Options

You don't know where that's been!

 
markpainter| October 31, 2011 - last edited November 3, 2011
1 Comments
0

Leaving work recently I saw something shiny in the bushes and quickly discovered that somebody had either lost or discarded a CD in there. My first thought, of course...wonder what's on it (iTunes ain't cheap). Ten years ago, I'm sure I would have found out. Luckily, I now work in the security industry, and know better (most of the time, anyway). Unfortunatly, a lot of people who should don't. I was reminded of the results from a penetration test the Department of Homeland Security conducted this past summer where they dropped thumb drives in the parking lots of various federal agencies. How many were plugged in?  A not insubstantial 60%.  When a corporate logo was included, that rate went up to a staggering 90%. Remember, these are federal employees who one would assume have somewhat regular cyber security training. If HP conducts it once a year, I have to think the government does something similar.

 

We've been talking a lot amongst ourselves about the RSA breach earlier this year and how it could have been prevented. There are a lot of products and services that HP offers that could have stopped the explotation in its tracks. Unfortunately, we don't yet offer one that can conquer curiousity. In this day and age, when one vulnerability is all it can take to comprimise a site, and when critical infrastructure and information suddenly are web-accessible when that was not the original design, stronger training mechanisms are needed to prevent social engineering attacks of this nature. Are we really that far off from seeing public service announcements about cyber security? Probably not. I think we're about to find out what the cyber equivalent of 'duck and cover' is.

Tags: department of homeland security| duck and cover| rsa| social engineering| web application security View All (5)
0
Comments
Andrew Yeomans(anon) | ‎11-07-2011 02:31 AM
Options

Aren't we blaming the wrong people?

 

The key question is: "Would anything bad happen to those computers if a USB device were plugged into them"

 

If so, then the people to blame are those who specified or installed or configured such a vulnerable system. Even brand new devices have sometimes had malware loaded on them.

 

If not, then where's the problem? Unless it's labelled, you have to plug in a USB thumb drive to have a chance to see who it belongs to, so you can return it (and maybe blame them for losing data).

0
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
 
Search
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About the Author(s)
  • This account is for guest bloggers. The blog post will identify the blogger.
  • Michael Deady is a Pr. Consultant & Solution Architect for HP Professional Service and HP's ALM Evangelist for IT Experts Community. He specializes in software development, testing, and security. He also loves science fiction movies and anything to do with Texas.
  • Sridhar Karnam has been a product management professional with over 11 years of building and evangelizing the products in the information space. Understands the social, mobile, local, cloud, and the security space. He has worked with products from both Fortune 10 companies and start-ups in enterprise IT, robotics, and mobile space. Sri was building robots for manufacturing industries and defense before joining HP in the security group.


Follow Us
Top Kudoed Posts
View All