12/13/10

If their general demeanor to date wasn't enough to make you hate the Gawker empire, now there's this.

They thumbed their nose at the hacking community, and got hacked. They didn't realize they got hacked for a month, despite some pretty clear warning signs. And when they found out, they didn't worry about it, because it seemed like only their users, "the peasants," were affected. Classy.

Forbes does a very nice sum up slash take down, and says,
"And when they have finished hiring a real security person and drafting an incident response plan, they can create a password composition and management policy, a policy on not writing passwords in chat logs, a patch management policy, and maybe for kicks a policy against bad mouthing their own users internally, users that they themselves put in harm’s way."

Amen.

2 comments:

  1. That's hilarious. Although I am beginning to question the utility of writing policies that no one will ever read, much less follow...

    And while it's pretty freaking stupid to use "password" as your password, how long does it really take a botnet to crack a complex password? And now that Amazon is renting out teraflop level processes for a few bucks per hour, even maladjusted teenagers can afford supercomputer performance.

    Passwords need to become more complex, but our little monkey brains cannot keep up with all the passwords we currently use.
