(Sunday reflections and current news)
Specifically the Seagate NAS Business Storage Line
Today’s Internet Storm Center has the story.
This is the method the attackers can use to hack the devices(From ISC):
“It appears to be trivial to exploit the devices and a metasploit module and an exploit are publicly available.”
PII(Personally Identified Information) was bought from UK government. 10000 names were bought with their corresponding email and other PII data. NakedSecurity from Sophos has the 60 sec video.
Dark reading has a good story on Cyber Intelligence Defining what you know http://www.darkreading.com/operations/cyber-intelligence-defining-what-you-know/a/d-id/1319257?
Here is a good paragraph to discuss:
“Good business managers run things on a foundation of the knowable and it’s something they wouldn’t think of running a business without. Unfortunately, collection and analysis of evaluated intelligence is a rarely-prioritized requirement for leaders seeking to bridge the gap between business and the cybersecurity operations they manage.”
So all three items today are mistakes in judgement,
- Seagate not enough testing, Security focus
- UK gov not realizing what it is selling
- Businesses need to operate on good information, although cyber info analysis is not a priority.
This is the world which we live in.. we as a business community are not making security a priority, is it because it is too hard (i.e. not understood)? it can’t be not being aware of it, we have had so many high profile attacks it is burdensome to hear another attack succeeded.
I picked these three today because it is obvious that we are not making security a priority and are going to take lumps because of it. Does an attack have to happen to your company and person before one spends 5% of funds/attention? I know it is something no one wants, but it is a reality.
As a society we need to awaken to a higher cybersecurity priority.
My cajoling is to “do the right thing” Philotimo Φιλοτιμο
Wikepedia entry – “Philotimo is considered to be the highest of all Greek virtues which determines and regulates how someone should behave in their family and social groups. In its simplest form it means “doing good”, and it ensures your behavior will make you stand out from others”
My translation: to help others as I would want them to help me.
I can only hope to aspire as the others before me, but I am trying to use my talent from God to solve this Cyber security riddle that companies have.
Also an apt Youtube video (regarding ΦΙΛΟΤΙΜΟ)
The Greeks have done a couple of things right in our time on earth, let’s learn from it and “do the right thing”
Spend time testing your security profile, your products, websites.
Spend resources on reviewing your processes and more.
Your reward? peace of mind and knowing even if you get hacked now you did all you could, instead of getting hacked and always wondering if there could have been something else.
The hacker is not going away, and they are sizing up your computer for it’s worth in your accounts, here i have placed a monetary value on each one. How many accounts do you have to hack?
Contact Us to help you.
1 thought on “Vulnerabilities Can Be Exploited”