Posts tagged security
As part of National Cyber Security Awareness Month (see Gmail’s post for a link), Gmail is reminding people to use passwords wisely and has some great tips.
I am somewhat of a security freak (as those who know me will attest to) and I heartily recommend reading Google’s post. Here are some bad password practices that Gmail’s Michael Santerre, Consumer Operations Associate, points out; his original post lists solutions to each:
- Re-using passwords is a bad practice (using the same password for more than one website)
- Using dictionary words, common passwords, and letters in sequence on the keyboard (like “pass”, “password”, “logmein”, “start”, and “zxcvb”)
- Using passwords based on personal data (like spouse’s name or birthdate)
- Storing your password in an unsecure place (like a sticky note on your monitor)
- Poor Password Recovery (hard passwords may be forgotten/lost, how will you find them if this happens?)
ZDNet ran a story recently called Researchers create browser-based ‘darknet’ that sheds favorable light on computer manufacturer HP, and gives some credit to Google Chrome, Mozilla and Firefox. Evidently HP has come up with a browser-based darknet (Wikipedia – Darknet) that they have no intention of patenting, copyrighting or making into anything more than an open source idea.
So thank HP for getting the ball rolling and pushing the envelope with new browser advancements and the promise of simpler file sharing, but expect the open source community to have to actually write the code for the project since HP isn’t sharing code.
According to ZDNet’s U.S. Army servers breached by Turkish hackers and InformationWeek’s Anti-U.S. Hackers Infiltrate Army Servers, Turkish hackers penetrated US Army servers in January of this year and September 2007. The same group also hacked a site maintained by Internet Security experts Kaspersky Lab.
I understand how NASA can get hacked, though I don’t know why the government puts up with it. However, when it comes to the US Army, everything should be locked down tight. These sources indicate that the hack was carried out through an SQL Injection attack exploiting a vulnerability in Microsoft’s SQL Server. Why would anyone use a Windows Server on purpose?
Rant, rant, yes I rant and I should not. I just guess I sort of expect that the US Army (and other government agencies) shouldn’t be getting hacked – even every 2 years.
It’s scary that in April 2005 NASA was hacked and still no one is really sure exactly who did the hacking. If they do know, they are not saying. The usual suspects include Russia and China but no formal accusations have been made.
Apparently NASA’s computers are a weak link in the DoD information chain. According to BusinessWeek online:
America’s military and scientific institutions—along with the defense industry that serves them—are being robbed of secret information on satellites, rocket engines, launch systems, and even the Space Shuttle. The thieves operate via the Internet from Asia and Europe, penetrating U.S. computer networks. Some of the intruders are suspected of having ties to the governments of China and Russia, interviews and documents show. Of all the arms of the U.S. government, few are more vulnerable than NASA, the civilian space agency, which also works closely with the Pentagon and American intelligence services.
For about 10 years now NASA has been aware of these intrusions and has not been able to stop them, and it’s costing actual dollars in terms of hardware, not just data and research. Another quote from this BusinessWeek online article says:
In 1998 a U.S.-German satellite known as ROSAT, used for peering into deep space, was rendered useless after it turned suddenly toward the sun. NASA investigators later determined that the accident was linked to a cyber-intrusion at the Goddard Space Flight Center in the Maryland suburbs of Washington. The interloper sent information to computers in Moscow, NASA documents show. U.S. investigators fear the data ended up in the hands of a Russian spy agency.
So in other words there was a hack incident where a satellite was turned toward our Sun and for all intents and purposes turned into a pile of orbiting junk. You would think in the 10+ years NASA would have secured funding for new software, hardware and manpower to protect its (and our) interests. Undoubtedly something has been done, but as this article seems to indicate, NASA is still a target being successfully penetrated by foreign interests.