One of the staples of information security news of late has been the data breaches that keep making the headlines. Whether they result from malfeasance on the part of an attacker or simply from someone's error, they happen a lot.
Now, there are good ways to handle a breach-related situation, as we saw with the folks over at Buffer when they suffered an intrusion into their systems.
There are questionable responses like the kind that we witnessed with the Snapchat confusion.
Then there are the outliers. A perfect example of this is that of Rich Mogull from Securosis (full disclosure, I'm an advisor there). On Monday January 6th Rich made a misstep and it caused him some financial distress when an opportunistic attacker leveraged credentials that Rich had mistakenly made public.
There is nothing quite as gut-wrenching as that "oh crap" moment. A nightmare for anyone, to be certain.
From his post-mortem:
It’s important to fess up, and I learned (the hard way) some interesting conclusions about a new attack trend that probably need their own post. And, as is often the case, I made three moderately small errors that combined to the epic fail.
I was on the couch, finishing up an episode of Marvel’s Agents of S.H.I.E.L.D. (no, it isn’t very good, but I can’t help myself; if they kill off 90% of the cast and replace them with Buffy vets it could totally rock though). Anyway… after the show I checked my email before heading to bed. This is what I saw:
What he saw wasn't good.
Rich goes on to explain at length what transpired. He delves into the event, shows where he made his missteps, and shares what he learned with us. This is an example of how to be transparent.
Rich didn't need to share this event with us. But, I'm very glad that he did.
(Image used under CC from [davidrobertsphotography])