LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Technology News: Mlware: 'H*** You H*ve' Exposes Internet Security's Achilles' Heel
From:	Hugh Smith <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Mon, 13 Sep 2010 10:39:56 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (49 lines)

Includes quotes from article:

> Google, NASA, Wells Fargo, Comcast, ABC/Disney, Coca-Cola and the Florida
> Department of Transportation are among the many organizations whose services
> reportedly have been disrupted by the "H*** you have" w*rm. The attack,
> based on a simple phishing scheme, raises the question of whether new
> approaches to Internet security are needed beyond educating users, which
> seems doomed to failure
> 
> http://bit.ly/bmQlsV


We keep hearing about the Cloud and all sorts of programs for storing software and data but simple things like this show how unprepared the IT Community is to deal with this type of situation.

> "A lot of companies do have policies in place, but the reality is, it's much easer to click on the link or attachment, because a lot of people are busy and don't have the time to verify the sender's identity," Masiello said.

In a large organization it is impossible to avoid having even one person avoid such scams. They have made email so much less effective than it previously was when you could count on it, back when firewalls were ahead of the hackers. (Was there even such a period?? Maybe I imagine it was safer....)

I can remember when a potential client would visit our web site and ask for a quote.  We would promptly reply. But now you must send an email asking them to put you in their email address book and tell you when it is in there or the reply will be seen as Spam. If they do't reply then you know your email was blocked.  Then you call them.  Is this the efficiency of the IT world.

At least Fax inquiries were sure to be received on both ends.

> "The core of this problem is that we still don't have a consistently used common way to ensure the identity of people on the Web, so it's relatively easy to steal people's identities and use them to do harm," Enderle explained. "Until that problem is fixed, attacks that successfully use identity theft as a vehicle will be impossible to fully mitigate."

As a company marketing a product, you never know who your next product inquiry will be from. Just rejecting everyone new is suicide.

Those who suggest the Cloud as our only means of storing information are a threat to us all. Tape storage offsite allows you a means to go back to the day or the minute before the infection occurred and reboot from there.  If everything is online all the time, the w*rm can just keep burrowing into all the data.

Records management needs to talk with executive management and point out these flaws and talk about storage of tapes, offline, in a secure environment. If they wish to use the Cloud, fine but do not walk away from a technology that has been extremely effective since the first use of computers.

I understand the guy who tries to infect to gain financial advantage but it is the volume of people who do this for just pure malevolence towards the unidentified users, that I find mind boggling. They seek to create the largest amount of damage for no personal benefit but ego stroking.

Imagine if every source of clean water was linked together so that one terrorist at any point in the water supply could infect it all, thus rendering all water poisonous. That is how the Cloud has the potential for massive data loss and damage to our platforms.  Yet the IT world keeps pushing for total use of the Cloud?????  All that risk just so they can make a few more dollars.

This is a place where records managers could make a difference.  Keep track of these intrusions and the reported costs to clean them up.  Point out to management that it is not if but when. Just as you protect the documents, you should also seek to point out a role in tape security and management. Storing tapes off site takes them away from persons on staff that also might pose a risk.

Look at the names listed above.  Is your system better than their security?  Maybe in a few organizations but if they can be infected, anyone can. I know for a fact that many of the above store tapes offsite.  They do not rely totally on the Cloud.  Your Management team should know that.

Hugh Smith
(610)  756-4440    
Fax (610)  756-4134



List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US