Monday, 15 April 2019

PSA: Microsoft Outlook Breach Worse Than Expected, Hackers Could Read Emails of 6% of Affected Users - Mac Rumors

High time for an "internet reboot" 2.0


It's high time for companies to be held accountable for breaches in a severe monetary fashion.

The only way they are going to get better at security, or take security seriously, is if it affects their bottom line in a big way if they don't.

I am pretty sure I am one of the affected users. I could see weird stuff last month with my email; I even received a notification of an app permission granted, something I don’t even use.

And this is why I always say - never write anything down that you wouldn't want everyone to know. I'm sure the hackers will sell the email content to someone who will blackmail the victims.


I get your point but it is not just about that. Your work, research, sales, etc. may rely on email and you don’t want unauthorized access to it.

Yet another huge company gets hacked and loses customer data. Is there no accountability anywhere now?

High time for an "internet reboot" 2.0

And this is why I always say - never write anything down that you wouldn't want everyone to know. I'm sure the hackers will sell the email content to someone who will blackmail the victims.


These breaches are typically not about finding users to blackmail. These are typically done to gain access to one's credentials or learn about users for informed phishing attempts.

So some tech's account was "hacked". Does that mean unsafe use of a computer and picking up malware? Does it mean weak password or not changing passwords frequently? Or some other stupid usage.

From my experience the weakest security link in corporate environments is typically ill-informed users or just plain stupid people. Anyone with privileged access should be locked down and audited, single purpose accounts, etc.

That won't be sufficient; an "internet reboot" 2.0 would be much better.

For instance, your private information stays on your device, end to end full encryption mandatory for the whole internet.
Keys are in your possession, not anywhere else.
Standard opt-out for everything.


Intel communities would never allow that to happen.

Except this was a support agent employee's credentials that were hacked and used to get in, so how do you fine a company or hold them responsible for what someone was loose with potentially out of the work environment? Other than fire the person what more can the company do? There is always that human aspect that is the weak link.

It's hard to say what more they could have done here without facts; did the employee have it written on a sticky note and lose it, being completely negligent? We simply don't have the facts.


Yes, agreed it is usually stupid employees. There is much that can be done to make such people less harmful. See my above post. And yes, the companies need to take responsibility for employees.



https://www.macrumors.com/2019/04/15/microsoft-outlook-msn-hotmail-breach/

2019-04-15 17:27:00Z
