http://www.wired.com/threatlevel/2011/04/oak-ridge-lab-hack/

Kind of scary, they do alot of classified research, including cyber-warfare. I'm affected by this here at my job (ORNL hosts the information system we use as part of a wider collaboration), and of course it means everyone gets a reminder about clicking on a link.

I cracked up at the quote of the Deputy Lab Director, who said, "We're getting more smarter..." To maintain my own sense of rightness in the world, I'm going to assume that's a misquote.

They boarded up last Friday, still down a week later. Crazy!! And going to cost the taxpayers some serious green.

Couple questions for Friday time-chewing:

Why the hell are these people using Internet Explorer?

What's spear-phishing? (I've never heard that term.)

A national cybersecurity network using IE and allowing extranet access? What kind of IT doofuses run that sort of open network?

A national cybersecurity network using IE and allowing extranet access? What kind of IT doofuses run that sort of open network?

The same doofuses that have the IRS running on WinXP and IE6. Just sayin'.

It is a form of phishing in which a perp targets specific, normally high up, individual within a company using official looking emails or other non suspicious forms of communication to get information from them. LIke most social engineering it relies on the target being a total fucking dumbass.

LIke most social engineering it relies on the target being a total fucking dumbass.

Based on my experience with upper management in government labs, it is likely to be a very productive approach.

Based on my experience with upper management in general, it is likely to be a very productive approach.

Fixed that for you.

It is a form of phishing in which a perp targets specific, normally high up, individual within a company using official looking emails or other non suspicious forms of communication to get information from them. LIke most social engineering it relies on the target being a total fucking dumbass.


Ah, makes sense, now that you've spelled it out.

Raytheon just went through replacing every one of their employees 20,000 Fobs because the maker RSA got hacked.

It took several days to change everyones password. The help desk's phone lines were at least an hour on hold when they were not disconnected because of the wait time being too long. All the while everyone was trying to complete their yearly performance reviews which require at least three sets of password/fob security to get to.

I currently have 6 different login and password/fob combinations to maintain just to do my job. All of which I cannot write down anywhere. Know wonder people around here get caught all the time around here with easy passwords.

So something like this doesn't surprise me.

Thoughts about things like biometric security?

Thoughts about things like biometric security?

I want to know why biometric PC devices were a minor fad a few years ago, and now they're gone. Microsoft and a couple other companies made one. The microsoft one was only good for Windows XP, and they never supported an OS beyond that.