As we have talked about (more than once) security put in place by large corporations and governmental agencies is not as good as it could (or should be) looking back at 2011 the majority of data breaches and hacks were all simple ones that should have been covered. These were items like simple or default passwords left on hardware, improperly configured firewalls and edge protection, open ports, third party software for external monitoring, and even highly sensitive information connected to the rest of the regular network without any type of segregation or extra security.
2012 is not turning out to be any better as recent data breaches have shown; one involving the loss of a possible 181,000+ was down to a miss-configuration on a single server. The server was possibly overlooked when the normal security was put in place, although more information is not available at the time of this writing we do know that many companies and agencies are cutting back in their IT budgets. This move ends up putting companies at risk due to understaffing or improperly trained employees doing work that they are not truly qualified to do.
Now, let’s apply this to the US government and ISPs that would control the infrastructure for that snooping hardware needed for CISPA. Does anyone think that this would not be setup and protected with the lowest cost solution business principal in mind? How can lawmakers and our cyber-security agencies tell us that they can protect this infrastructure when they leave the doors open at the Pentagon, the CIA, NASA, The Veteran’s Administration, The Social Security Office and others too many to list? There is no way to do this. So while we hear them talk about what a scary place the internet is and how vulnerable we are to intrusion, they are backing themselves into a corner here, if things are so bad why would you ever put a system in place that is capable of monitoring ALL traffic?
With a simple intrusion someone could have access to a massive amount of personal information if we are only talking about surveillance. If we are talking about blocks and controls then that same intrusion could shut down banks, corporations and government systems with ease all by using the infrastructure proposed by SOPA against itself (like Cyber-Judo). If you look at the recent attacks by Anonymous on China you can see that even their extreme control and paranoid system has not been able to protect it from attack (we would not be surprised to find out it is part of the attack vector either).
As we have said the people proposing these bills do not care about security, they do not care about your Civil Liberties and they have no knowledge of what they are trying to put in place. They have the entertainment industry and many software companies whispering in their ears about how great this will be all in the name of corporate interests. All the while technological progress and innovation are stomped on with spiked boots and the smiling nods or lawmakers around the globe as they try to make putting your own protections in place illegal.
Discuss this in our Forum