• United States




Feb 07, 20122 mins
Data and Information SecurityIT Leadership

This month, we look at decisions that defy basic logic.

Thumbs down — Anonymous: It’s admirable that these guys want to stand up for freedom and human rights. Now if someone can explain what hacking a Boston police website and leaking PcAnywhere source code has to do with advancing those goals, we’re all ears.

Thumbs down —  Symantec: The anti-malware giant has made some really bone-headed moves this past month, most notably its recent PR misfire over Android malware. One day they emailed us this alarming headline: “Newly Discovered Android Malware Has Infected Millions of Users.” Days later, Symantec was forced to retract that statement, admitting the threat was nowhere near that level of drama. The problem with this is that people are less likely to listen to Symantec the day it alerts us to a real threat.

Thumbs down — Attila Nemeth: The 26-six-year-old Hungarian citizen was sentenced to 30 months in prison and three years of supervised release after he sent malicious code to Marriott International Corporation, threatening to reveal confidential information taken from the company’s computers if Marriott did not offer him a job. Our colleague Michael Cooney summed up this one pretty well with this headline: “How NOT to Get a Job 101.”

Thumbs both ways — RSA Conference 2012: Conference organizers threatened to pull the rug out from under BSidesSF by denying the neighboring event a waiver from its no-compete rules. RSA argued that BSides would hurt attendance on the RSA exhibit floor, even though that didn’t happen in the two previous years. After much protest, RSA did the right thing and backed down.

Thumbs down — VeriSign:  The company responsible for delivering people safely to more than half the world’s websites (specifically addresses ending in .com, .net and .gov), was hacked repeatedly in 2010 by outsiders who made off with undisclosed information. Instead of releasing a big statement acknowledging the incident and telling people what it was doing to fix the problem, VeriSign quietly buried the news in a quarterly Securities and Exchange Commission (SEC) filing as if it was just another routine matter. The company may have met its requirement to report the breach, but it should have done much, much more to make customers aware.