Monday, December 1, 2008

Friends Don't Let Friends Hack... and Do Drugs

... and this is exactly why:

Whiskey Tango Foxtrot?!

I'm not sure who should be redder (more red?) in the face - Luxottica Retail or the "hacker". First off... if you're Luxottica you've got huge problems... and not because someone just stole data, although that would appear to be a problem in itself. No, you have problems because they stole it off your mainframe... which should be buried deep within the layers of your company's security onion. Look, one of two situations is true. Either the company has terrible security and allows "outsiders" to ride their virtual rails straight to mainframe equipment (which is deplorable), or they had (gulp) a mainframe attached to a web page somewhere - which should have them brought up on charges... of stupidity for one thing. The situation is unclear on whether this was a web application hack, but if it was - wowza! I've been in several environments where a mainframe is just a screen-scraper-appliance away, but those systems have to be rigorously controlled and are generally installed by default to be stupid-resistant. I'm not even going to guess at the exact cause until it's announced (if it ever is, which I doubt) - but this next quote has me on the floor laughing...
"A routine check by the information technology department discovered that a
hacker had been inside a computer mainframe and downloaded the personal
information of more than 59,000 former workers."

Obviously it wasn't routine enough, eh?

As for the "Heroin Hacker"... wow. Brings the phrase "Out in a Blaze of Glory" to new heights, huh?

