About
"Distrust and caution are the parents of security" - Benjamin Franklin
Min worked at Delaware based chemicals giant DuPont for over a decade before he surreptitiously took a job at DuPont competitor, Victrex. Over a four month period after accepting that offer, and before informing DuPont of his decision, Min systematically copied thousands of pages of confidential DuPont design documents to a laptop. DuPont became aware of Min’s theft only after the employee gave notice.
Bradley Manning’s is the face that launched a (hundred) thousand leaks. The 22 year-old intelligence analyst for the U.S. Army’s 2nd Brigade Combat Team, 10th Mountain Division was stationed in Iraq when, allegedly, he downloaded hundreds of thousands of classified documents and video from SIPRnet, the military’s classified intelligence network.
Even before PFC Bradley Manning made off with hundreds of thousands of pages of classified military and diplomatic documents, malicious insiders were a persistent and growing problem in the halls of government, The Pentagon and inside companies large and small. According to Verizon’s 2010 Data Breach Report, 48% of data breaches were caused by insiders – a 26% increase from the previous year. Likewise, the U.S. Military’s Defense Security Service (DSS) reports that insiders have caused more damage to the U.S.
Malicious text messages can crash many types of mobile phones, including devices by Samsung, Sony Ericsson, Motorola and LG, according to a presentation given at the Chaos Communication Congress hacking conference this week in Berlin.
Smartphone adoption has exploded in recent years, and this has not been lost on the attackers who are looking for the best way to separate users from their money and confidential data.
As predicted by researcher Dino Dai Zovi in these pages in January, 2010 turned out to be the year of the sandbox. Attackers for years have been focusing their attention on browsers and other Web apps and using them as jumping off points for further attacks on compromised PCs. Vendors finally began to take notice and implement sandboxes in their products.
There were a lot of excellent talks at conferences this year, but perhaps the most interesting and far-reaching presentation was one given by researchers Thai Duong and Juliano Rizzo at Ekoparty on a crypto attack against ASP.NET applications.
Before WikiLeaks emerged to dominate the news cycle in November, Stuxnet was the leader in the clubhouse for most overhyped, misconstrued and misunderstood story of the year. The worm burst onto the scene in July when researchers discovered it using four previously unknown Windows bugs and compromising computers running esoteric Siemens industrial control software.
Many people in the security and privacy communities have been aware of the activities of WikiLeaks for several years now, but in 2010 the group hit the mainstream like a hurricane. First came document dumps that revealed embarrassing details about the way the U.S. has conducted the war in Iraq.
The hack of blog news network Gawker dominated the headlines this week, leaving behind a trail of spammy Tweets and stolen passwords across the Internet. But Gawker was just one of a handful of data breaches in a week that saw the continuation of the Wikileaks saga and a massive patch release from Microsoft. To get the full rundown, read on for the week in security.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
