Today's sledging action

Had some fun today!

IT Security in the wake of recent Google attack

Absolutely fascinating reading on the state of IT security and corporate espionage.
At this point, [the hackers] move laterally through the network, compromising systems as they go and using other exploits to attack additional vulnerabilities. The systems being compromised are Windows systems.

Stolen e-mail messages and documents are collected and stored on a staging server inside the company’s network before being encrypted with custom algorithms and compressed into an .rar file. The files are then siphoned out in small random bursts generally via normal protocols with spoofed headers to disguise the activity. In the case of the Google hack, the attackers used an SSL port but a custom protocol.

From: Report Details Hacks Targeting Google, Others | Wired.com.

I'm guessing sales of stateful packet inspecting firewalls will increase this year! It's sad reading about exploits caused by organisations not following common sense security best practices.

In a funny way these compromises actually validate Google's security approach. For example they are:

  • Openly encouraging people to move to more up to date browsers

  • Making their own open source browser (Chrome) which focuses on security, thus publicly demonstrating how to solve the very problems being exploited.

  • Making web based applications which they can manage and apply security best practices to, thus partially outsourcing the challenges of maintaining secure applications for businesses (I really like their new browser based PDF viewer).


I'm guessing they are cracking down on internal IE usage right now. If I were maintaining an IT department I think I'd configure the proxies and firewalls to forward all outbound traffic from old browsers to a page outlining internal browser policy and offering download links for new ones (after having provided and promoted official alternatives and provided workarounds for web developers).

Anyone know of a good neutral third party website you can point people to to learn about browsers?
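The redirect rule described above, as an added sketch of the per-request decision a forward proxy could make (not code from this post). The hostnames, the minimum version and the function names are assumptions chosen for illustration, and the sample User-Agent strings are constructed.

```python
import re

# Assumed values for this sketch; the post names no hosts or version cut-off.
POLICY_URL = "http://intranet.example/browser-policy"
EXEMPT_HOSTS = {"intranet.example", "downloads.intranet.example"}
MIN_IE_MAJOR = 8

_MSIE = re.compile(r"\bMSIE (\d+)\.")
_TRIDENT = re.compile(r"\bTrident/(\d+)\.")


def ie_major(user_agent):
    """Return the IE major version implied by the header, or None if not IE."""
    ua = user_agent or ""
    msie = _MSIE.search(ua)
    if not msie:
        return None
    major = int(msie.group(1))
    # IE8 and later in Compatibility View claim "MSIE 7.0" but keep a
    # Trident/N token, where N + 4 is the real major version.
    trident = _TRIDENT.search(ua)
    if trident:
        major = max(major, int(trident.group(1)) + 4)
    return major


def decide(method, host, user_agent):
    """Return ("allow", None), ("redirect", url) or ("block", None)."""
    host = (host or "").lower().split(":")[0]
    if host in EXEMPT_HOSTS:
        # The policy page and download links must stay reachable from an
        # old browser, otherwise the redirect loops back on itself.
        return ("allow", None)
    major = ie_major(user_agent)
    if major is None or major >= MIN_IE_MAJOR:
        return ("allow", None)
    if method != "GET":
        # CONNECT tunnels and form posts cannot be usefully answered with a
        # redirect to a page; refuse them instead.
        return ("block", None)
    return ("redirect", POLICY_URL)


# Constructed sample headers.
IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
IE8_COMPAT = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)"
FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6"
```

The User-Agent header is supplied by the client, so a rule like this steers ordinary users toward the policy page but does not stop software that sends a different header.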

Push off! The internet is global and so is your market

Thanks for trying to access the microsite for Sigh No More - Mumford & Sons

Unfortunately due to contractual restrictions, access to this promotion is not available to residents of Finland.

From Push Entertainment (if you are in Finland).

Yet another case of legal nonsense stopping fans listening to music. This is particularly stupid since I was trying to access "bonus content" for those that "own a copy of sigh no more".

Before signing to a major label (Island), Mumford and Sons did a good job of promoting themselves using sites like myspace and rawrip. The latter lets them give away tracks to fans or sell them and take 100% of the money. I was hoping they might get big without a major label to help.

I'd downloaded their first two singles and listened to the tracks tons (as well as the tracks on myspace) all for free. When the album came out I bought it straight away. I've paid to see the band at least 5 times. I'm a fan that wants to support some musicians trying to earn a living.

It's sad to see large corporations continue to screw it up like this.

Island records: The internet is global and so is your market. Adapt or die.

BTW: Sigh no more is an amazing album!