The Domino Effect

Kaido

Elite Member & Kitchen Overlord
Feb 14, 2004
50,730
6,758
136
https://www.engadget.com/2017/09/21/fedex-ransomware-notpetya/

https://www.theregister.co.uk/2017/...tack_cost_us_300m_says_shipping_giant_maersk/

1. NSA has hacking tools for computers using a Windows exploit
2. NSA themselves gets hacked & their exploits leaked
3. Leaked information gets used: "NotPetya" virus combines CryptoLocker + NSA-leaked Windows exploit
4. FedEx's Dutch shipper TNT Express & Maersk (responsible for 15% of worldwide shipping container network) both suffered $300 million losses each due to the virus.

Holy crap.
 

Elixer

Lifer
May 7, 2002
10,371
762
126
...and all this could have been avoided if they followed simple security guidelines.
It is one expensive lesson to learn.
 

Kaido

...and all this could have been avoided if they followed simple security guidelines.
It is one expensive lesson to learn.

So many failures in the security chain. Where's the complete set of offline backups? Why weren't the connected backups handled under a separate backup admin account? Did we learn nothing from the Toy Story near-miss??


Probably like 99% of the places I've worked with don't take security seriously, at least, not until they get hit themselves, and then there's a knee-jerk reaction & quick implementation. Plus, look at all of the big companies that have gotten nailed recently...Target, DNC, Home Depot, etc. And just look at all of the ridiculous security news from the past month:
All I can conclude is that companies don't know what they're doing & don't really care, either. Mr. Robot isn't entertainment, it's a faux documentary on what's going on right now with our (in)security issues at corporations...corporations that have copies of our credit cards, social security numbers, home contact information, buying habits, surfing habits, etc. It's bananas!