14 safety tips for a hacker to company
Friday, September 02, 2011
Want to prevent data loss in large-scale attacks by the group Anonymous and its offshoots and LulzSec AntiSec? So start paying attention to basic safety requirements, which includes hiring qualified people and train employees to be security guards.
"Information security is a mess ... Companies do not want to waste time or money on computer security because they think it does not matter," said former anonymous hacker known as "SparkyBlaze" in an exclusive interview with Jason Lackey, Cisco, published on the company website.
So what is the best way to increase the effectiveness of their efforts with information security? SparkyBlaze provides 14 tips ranging from the use of "defense in depth" and "strict policy of information security"; hiring an outside firm to audit their security regularly, and hiring system administrators who understand security. Hire a system administrator who understands security. Encode data as well - "someone like AE-256," said the hacker - and "keep your eyes on the information that you leave in the public domain."
Another good practice: Use an intrusion detection system network to monitor unusual activity. Employing a "good physical security" also helps to ensure that no one is around the security measures of information simply by entering the front door. Finally, pay attention to the safety habits of employees and keep them informed about threats of social engineering attack, just one person to open a malicious attachment to cause large-scale data breach.
While SparkyBlaze back to basic guide of orientation, is worth seeing the number of data releases and run raids by groups of hackerativistas in recent months. According to experts, these attacks are not necessarily super sophisticated and most do not make use of so-called "advanced persistent threat." But often they happen by exploiting common vulnerabilities in web applications or unconfigure.
SparkyBlaze anonymous defected earlier this month, saying he was "tired of people putting data on the network to then be as great hero autoafirmar." This suggests that there is no easy and clear definition on what constitutes the hackerativismo. Especially with the "scope creep" in the type of data collected and disclosed by Anonymous, which split away is evident to some people living outside the collective.
"I love being a hacker and I believe in freedom of expression and anti-censorship, then adding the two it becomes easy for me. I feel that there is nothing wrong in attacking the government. Collect data and deliver them to Wikileaks, that sort of thing affecting the government, "he said SparkyBlaze for Lackey, Cisco.
But in the post left Postebin, SparkyBlaze AntiSec and states that the operator have LulzSec against the alleged mission of Anonymous.
"AntiSec has made a spectacle after another with information of innocent people. What? What are they doing? Anon The hacker has the right to get these people out of anonymity? They are always talking about people's right to remain anonymous, so why they're taking this right? "he asked.
On a related note, the reason being anonymous - Wikileaks - the wall have suffered data breaches its own or at least, loss of control. On Monday (08/30), the German magazine Der Spiegel reported that a file posted by Wikileaks supporters included the Internet versions 251 000 hidden, non-password protected and purged of cables from the U.S. State Department, revealed by WikiLeaks - omitted to many sources - in November 2010. Although the whole situation, Wikileaks states that there was no leak.
Want to prevent data loss in large-scale attacks by the group Anonymous and its offshoots and LulzSec AntiSec? So start paying attention to basic safety requirements, which includes hiring qualified people and train employees to be security guards.
"Information security is a mess ... Companies do not want to waste time or money on computer security because they think it does not matter," said former anonymous hacker known as "SparkyBlaze" in an exclusive interview with Jason Lackey, Cisco, published on the company website.
So what is the best way to increase the effectiveness of their efforts with information security? SparkyBlaze provides 14 tips ranging from the use of "defense in depth" and "strict policy of information security"; hiring an outside firm to audit their security regularly, and hiring system administrators who understand security. Hire a system administrator who understands security. Encode data as well - "someone like AE-256," said the hacker - and "keep your eyes on the information that you leave in the public domain."
Another good practice: Use an intrusion detection system network to monitor unusual activity. Employing a "good physical security" also helps to ensure that no one is around the security measures of information simply by entering the front door. Finally, pay attention to the safety habits of employees and keep them informed about threats of social engineering attack, just one person to open a malicious attachment to cause large-scale data breach.
While SparkyBlaze back to basic guide of orientation, is worth seeing the number of data releases and run raids by groups of hackerativistas in recent months. According to experts, these attacks are not necessarily super sophisticated and most do not make use of so-called "advanced persistent threat." But often they happen by exploiting common vulnerabilities in web applications or unconfigure.
SparkyBlaze anonymous defected earlier this month, saying he was "tired of people putting data on the network to then be as great hero autoafirmar." This suggests that there is no easy and clear definition on what constitutes the hackerativismo. Especially with the "scope creep" in the type of data collected and disclosed by Anonymous, which split away is evident to some people living outside the collective.
"I love being a hacker and I believe in freedom of expression and anti-censorship, then adding the two it becomes easy for me. I feel that there is nothing wrong in attacking the government. Collect data and deliver them to Wikileaks, that sort of thing affecting the government, "he said SparkyBlaze for Lackey, Cisco.
But in the post left Postebin, SparkyBlaze AntiSec and states that the operator have LulzSec against the alleged mission of Anonymous.
"AntiSec has made a spectacle after another with information of innocent people. What? What are they doing? Anon The hacker has the right to get these people out of anonymity? They are always talking about people's right to remain anonymous, so why they're taking this right? "he asked.
On a related note, the reason being anonymous - Wikileaks - the wall have suffered data breaches its own or at least, loss of control. On Monday (08/30), the German magazine Der Spiegel reported that a file posted by Wikileaks supporters included the Internet versions 251 000 hidden, non-password protected and purged of cables from the U.S. State Department, revealed by WikiLeaks - omitted to many sources - in November 2010. Although the whole situation, Wikileaks states that there was no leak.
font: Information Week Brasil