Thursday, January 31, 2013

e-mail is a security black hole.

(NYT. Jan 31, 2013) SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees. 
Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times’s newsroom.
Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products made by Symantec — found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it, according to Mandiant.

E-mail is a mature technology where bugs and security holes were all supposed to be extinguished. If e-mail servers at a major news institution cannot be protected from outside intruders, the situation with thousands of mobile apps is probably much worse.
The effectiveness of anti-virus software is quite pathetic - 44 our 45 malware pieces not detected.

tags: security, internet, control, mobile, communications

No comments: