G+_George Kozi Posted December 5, 2014 Share Posted December 5, 2014 Why not call it "Hack This"? http://gizmodo.com/sony-kept-thousands-of-passwords-in-a-document-marked-1666772286 Link to comment Share on other sites More sharing options...
G+_Daniel J Brieck Jr Posted December 5, 2014 Share Posted December 5, 2014 Because that was the name of the computer ;-) Link to comment Share on other sites More sharing options...
G+_Dave Trautman Posted December 5, 2014 Share Posted December 5, 2014 Good one Daniel J Brieck Jr. George, I've worked in enough large organizations to know there are practices which would make you cringe. Media companies may be culture savvy but they have the same number of clueless employees any other company might have. The sense of invulnerability extends from the IT departments right up to the financial wizards in the CEO's office. They get told no one can break in and then they forget about the people who come to work every day. From what I've read the SONY breach was an inside job. Which allows me to repeat that the weakest link in any security plan is the people (or staff) who have to carry it out. Link to comment Share on other sites More sharing options...
G+_George Kozi Posted December 5, 2014 Author Share Posted December 5, 2014 Dave Trautman That's one scary picture you painted right there. Link to comment Share on other sites More sharing options...
G+_Dave Trautman Posted December 5, 2014 Share Posted December 5, 2014 That's why I always emphasize to my clients that they should treat their employees like a valuable member of the organization and show them the respect and encouragement they deserve. The good ones will take this to heart and the bad ones will abuse the privilege. It's pretty easy to determine which of the staff are bad apples. Then you move them (slowly or quickly depending on the level of threat they represent) to less important roles within the organization until they either find other work or become redundant. I learned this from a security guy with the provincial government back when they still used mainframes. He told his ministry the weakest part of any security plan was the people you entrust with the secrets. It doesn't matter how many times they change their password, they will still leave a USB key on a table at a convention without giving it another thought. We had a very famous case of a federal security agency person who stopped into a convenience store for just a minute and left his briefcase in the back seat of his car. When he got home the case was not there. His laptop contained extremely valuable information. Fortunately the thieves were not interested in the data but just the hardware. The computer was located later by police who checked pawn shops. But this guy did not even consider the possibility of being responsible enough to keep the case with him at all times. Even if it looks dorky to be buying a slurpee while holding a briefcase. There are hundreds of these stories I could tell you. The best are about "security experts". But I'll just stop here.? Link to comment Share on other sites More sharing options...
G+_George Kozi Posted December 5, 2014 Author Share Posted December 5, 2014 I have never understood why some are allowed to take home machines with sensitive data on them, or that would potentially allow someone to reach what he shouldn't be able to reach, by stealing and hacking that machine. Link to comment Share on other sites More sharing options...
G+_Jack Zhang Posted December 6, 2014 Share Posted December 6, 2014 Do the right thing, write them down on physical paper and laminate it. Link to comment Share on other sites More sharing options...
Recommended Posts