Pardon my sarcasm this morning, but I want to point out a few reasons Lulz Sec’s assault on PBS is particularly cruel:One is that they chose to deface a PBS NewsHour blog to “announce” that murdered rappers Tupac Shakur and Biggie Smalls were still alive and living in New Zealand.In my opinion, NewsHour is one of the few respectable, useful news outlets left on the planet. Just about everyone else is too obsessed with loud graphics, drama and all other things infotainment to properly deliver the news anymore. NewsHour is one of the last holdouts against this sad trend.Also disturbing was that they couldn’t even post fake news that would be believable. Seriously, if you were Tupac or Biggie, would you really pick New Zealand for your exile? Don’t get me wrong, it’s a great country. But I picture these guys hanging out somewhere a bit more “street.” Jim Morrison lounging in New Zealand is much more believable. My other problem is that they chose to target the station that brings us “Sesame Street”, “Mr. Rogers” and “Word Girl”. Kids depend on those shows. How dare you sully their image by exposing PBS’ security weaknesses.In fairness, I will make one exception: That show “Caillou” makes me crazy. I can’t stand it. My kids can’t stand it. Sullying his reputation a little was OK, though my nearly 3-year-old niece disagrees and wants someone’s head on a silver platter. Sarcasm aside, there is a lesson in this and other recent attacks that should be as educational to the corporate world as “Sesame Street” is educational to small children:No company is immune from attack. EVERYONE has vulnerabilities hiding in the network that could be exploited to damaging effect. Those who try to deny it are asking for trouble. Those who set out to have an unbreakable network will fail. Modern technology is a hopelessly complex beast.As my fellow National Information Security Group (NAISG) board director Jack Daniel has told me many times over, security technology investments tend to me rendered useless by shoddy network configuration practices.We don’t misconfigure these systems on purpose. Like I said, modern technology is complicated. Why we haven’t had bigger disasters up to this point is beyond me.The antics of organizations like Lulz Sec show us just how vulnerable we all are.That doesn’t mean I’m a fan of Lulz Sec. I’m not. I’d rather see these organizations finding flaws themselves with help from in-house and contracted security professionals. When someone from the outside exposes your weaknesses with pranks, the results are messy and uncomfortable. As long as companies keep dropping the ball, their weaknesses will continue to be exploited for public ridicule like we’ve seen at PBS and elsewhere.I’m not telling experienced security pros anything they don’t already know. But since these incidents keep happening, it’s obvious that corporate execs aren’t paying attention to their security people.That needs to change.Otherwise, expect these embarrassing pranks to continue — and for your customers to get hurt in the process. –Bill Brenner Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe