Re: Design failure
Simply due to some domain admins still thinking that it's fine to put everything in the same domain. Face palm
12 posts • joined 13 Sep 2011
Security thru obscurity is good. ? Lol. I would tend to agree with your statement about her server but heard only that the data was turned over and not the system files. Considering the state department mail system was having drama, I do wonder why not the private system. Perhaps, she was simply smart /lucky enough to not click on phish.
The cio was new and hired after the hackers were inside the house. I saw published memo that she was improving the situation. I really thing it was more of case of not enough staff to keep up with the infrastructure care, feeding, maintenance and protection than simply amount of salary. Especially, considering the news about issues at nasa.
I had it demonstrated to me personally about how folks could download the data from hillary website. It was just name, age, address type of stuff. Simply, each individual record would be displayed to any anonymous person volunteering to call voters, but some slight tweets allowed you to get it in bulk.
Jboss runs on a few different os and in this case, it is a vulnerability when the server is neglected enough (not patched). Then the attacker uses various methods to get sufficient domain admin credentials to move lateraly, and deploy the malware .
If I read the article correctly, fraudsters were able to scam the irs system by using personal identifiable information of the account holder. That means to me that unhappiness should be pointed that we have 700k+ with compromised pii, and that with added transcripts from the irs, it adds an additional pii on this 700k+, and to me, means the 700k+ has much higher chance of credit issues and worse.
Iran - snoop on possible communicaitons between Iran citizens and anti-Iran groups.
Israel - snoop on possible communications between Iran agents and anti-Israel groups. (for example: Hamas).
US - snoop on possible communications between Iran agents and anti-US groups.
I am not saying that Iran is innocent, but, they are not the only ones that can benefit from reading emails/traffic between points in Iran and the rest of the internet.
Who knows.. maybe, its some 'blown egos' from that stuxnet malware.
Biting the hand that feeds IT © 1998–2019