I want to focus on a couple of Bruce Schneier posts today.
Jan 1 Doxing as an Attack
https://www.schneier.com/blog/archives/2015/01/doxing_as_an_at.html
Bruce discusses the old attack known as Doxing, where all your information (personal information like cell phone number, SS#, birthday, emails, medical information, etc.) is posted to the Internet to pressure the target for political or other reasons.
This happened to Sony as a company in the #Sonyhack.
Why do I want to bring this up? Because it should change the way we operate on the Internet, as hackers post more PII (Personally Identifiable Information) as an exposure attack (or, as it is termed, “Doxing”).
This is a problem as anything you have said in the past can come back to haunt you in some way.
In fact, the Sony hack is discussed in more detail in his previous post:
https://www.schneier.com/blog/archives/2014/12/more_data_on_at.html
Bruce focuses on who created the attack (or at least who is supposed to have).
There is some evidence this was an insider attack, as it was a detailed attack and a lot of data was stolen.
But there is also Russian linguistics in hacker communications.
Although the FBI still blames North Korea, that may be a misdirection.
The Sony hack is for the most part now over, and the movie is out, annoying the North Koreans. In the following story it is obvious that The Interview’s depiction of Kim Jong-Un is uncomfortable for anyone who was under the North Korean yoke for a while:
http://news.yahoo.com/interview-no-laughing-matter-n-korean-defectors-094238316.html
The lasting effect of this movie seems to be Doxing.
It is unfortunate, but as I have said before: even if it is difficult, you have to assume the hackers are inside your network and have intimate knowledge of it.
NOW how will you defend the network? Keep in mind the hackers can get all the info that is important. Anything that you have can be Doxed.
That is what I want to bring to the fore…
Oh yes and Happy New Year 2015!