Wednesday, January 26, 2011

2010's biggest security SNAFUs

That old phrase SNAFU ("Situation Normal, All F---ked Up!") certainly
describes our choices for 2010's top 10 security screw-ups.

Not surprisingly some of the biggest names in technology – Google,
Cisco, McAfee, AT&T – are prominent on the list, either because
they're obvious hacker targets or because whenever they make a
security mistake, it's big news. Without further ado, the list:

Aurora attacks on Google. In what's come to be called the "Aurora
attacks," Google in January acknowledges valuable intellectual
property was stolen via a network break-in during that past December,
intimating China to be the origin of the cyberattack. About a dozen
other high-tech and industrial companies appear to have been struck
in similar fashion. The Chinese government says it doesn't know what
they're talking about. Outraged over the cyber-intrusion, Google, which
had been adhering to Chinese dictates regarding search-engine
censorship, says it will defy them, putting its search-engine license
in China in jeopardy. But by year-end, under Chinese pressure, Google
abandons its tactic of re-directing Chinese user traffic to its more
liberal Hong Kong site and its renewed China license requires
censorship.

China ISP takes Internet for a ride. A small Chinese ISP called IDC
China Telecommunication briefly hijacked the Internet by sending out
wrong routing data, which was re-transmitted by state-owned China
Telecommunications, affecting service providers around the world. The
event was noted in the "2010 U.S.-China Economic and Security Review"
commission report presented this November to Congress, which pointed
out that for 18 minutes on April 8, China Telecom rerouted 15% of the
Internet's traffic through Chinese servers, affecting U.S. government
and military Web sites. The incident was widely reported, and media
attention raised the question of whether China was somehow testing a cyberattack
capability, but China Telecom rejected those claims, calling the April
traffic re-direction an accident.

McAfee's oopsie. McAfee goofs up by issuing a faulty anti-virus update
— the now-infamous McAfee DAT file 5958 — which wreaked havoc on PCs
of countless McAfee customers by causing malfunctions like the
Microsoft 'Blue Screen of Death' and creating the effect of a
denial-of-service. With CEO and President Dave DeWalt apologizing
profusely, McAfee worked to rush out various fixes for the SNAFU it
had caused by mistake, but some irate McAfee customers felt it all
could have been done better.

Showtime for Cisco. Not the biggest data breach to be sure, but
embarrassing for a networking company that wants the world to consider
it a leader in security, having the sales to show for it -- and that's
Cisco. Someone hacked into the list of attendees for the Cisco Live
2010 users' conference, a security breach that led Cisco to notify the
customers as well as a broader group with dealings with the company.
Though Cisco prefers to keep mum on some details, it appears a vendor
told Cisco that someone had made "an unexpected attempt to access
attendee information through ciscolive2010.com," the event site. Cisco
said the breach was closed quickly, "but not before some conference
listings were accessed." The compromised information consisted of
Cisco Live badge numbers, names, title, company addresses and e-mail
addresses. Cisco apologized by e-mail to both attendees and those who
were invited but didn't attend.
