Tuesday29 November 2022

Most Breaches In 2011 Were Simple Exploits That Should Not Have Happened

Reading time is around minutes.

animal_farm-pigsYou know, back a very long time ago (sometime in 2007 or so) I wrote an article on how dangerous the idea of cloud computing was (and is). The article centered around the fact that in almost 99 cases out of 100 the company that is responsible for the security of your information and services are going to spend as little as possible on maintaining them and securing them. They are banking on the hope that no one tries that simple exploit or can even find the servers in question. Or for that matter they put their trust in other companies to manage their security for them. These companies then do the same thing all over again all to make sure they keep the best profit ratio possible.

All of this was 5 years ago when the Microsoft’s Azure, Amazon’s Cloud Service and many others using VMware, Citrix etc. were just starting up. And the big push for medical records online, etc. was not there yet. Now there are more cloud providers than you can probably count even smaller companies are beginning to try and provide cloud services to smaller businesses. Now a new study has come out stating that something like 90% of all data breaches for 2011 were done with simple exploits that should have been patched. These were not sophisticated exploits or intrusions but known holes in operating systems, firewalls and other items (like simple passwords).

It is this type of lax security that allows even unsophisticated hackers to get into places they should not be. It is also what you can often expect from companies that offer cloud services, so when you hear about experts explaining how the cloud can be secured and that your data is safe you can remember that you still have human error, network error, bugs in network hardware and more to worry about. The push to put everything into the cloud is little more than a marketing gimmick to get you roped into something. Not to mention we now have MegaUpload as a different example of how dangerous cloud computing can be.

According to law if one account on the same server (or even in the same rack as yours) is found to have violated the law or even suspected of violating the law the authorities can seize your data and hardware as well. Three is plenty of precedent for this, as a data center in Dallas found out when the FBI and federal marshals carried out two racks full of hardware which cost their customers hundreds of thousands of dollars. Now MegaUpload is costing the ISP that is holding onto that data around $9,000 per day to hang onto all of the data that has been confiscated by the FBI. Much of that data is perfectly legal and should not be held by the federal government.

Again, and we cannot stress this enough, the cloud is a cost saving idea which in the end can end up costing you quite a bit. So while you can criticize hackers, anonymous and others that get into places they should not be you might also want to point the finger at the multi-million dollar corporations that spend pennies on keeping your data secure. This does not excuse the people that steal data, but it does show how little regard for our personal data some of these companies have.

Discuss this in our Forum

Last modified on Thursday, 22 March 2012 21:34

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.