This month, we look at decisions that defy basic logic.Thumbs down — Anonymous: It’s admirable that these guys want to stand up for freedom and human rights. Now if someone can explain what hacking a Boston police website and leaking PcAnywhere source code has to do with advancing those goals, we’re all ears.Thumbs down — Symantec: The anti-malware giant has made some really bone-headed moves this past month, most notably its recent PR misfire over Android malware. One day they emailed us this alarming headline: “Newly Discovered Android Malware Has Infected Millions of Users.” Days later, Symantec was forced to retract that statement, admitting the threat was nowhere near that level of drama. The problem with this is that people are less likely to listen to Symantec the day it alerts us to a real threat.Thumbs down — Attila Nemeth: The 26-six-year-old Hungarian citizen was sentenced to 30 months in prison and three years of supervised release after he sent malicious code to Marriott International Corporation, threatening to reveal confidential information taken from the company’s computers if Marriott did not offer him a job. Our colleague Michael Cooney summed up this one pretty well with this headline: “How NOT to Get a Job 101.” Thumbs both ways — RSA Conference 2012: Conference organizers threatened to pull the rug out from under BSidesSF by denying the neighboring event a waiver from its no-compete rules. RSA argued that BSides would hurt attendance on the RSA exhibit floor, even though that didn’t happen in the two previous years. After much protest, RSA did the right thing and backed down.Thumbs down — VeriSign: The company responsible for delivering people safely to more than half the world’s websites (specifically addresses ending in .com, .net and .gov), was hacked repeatedly in 2010 by outsiders who made off with undisclosed information. Instead of releasing a big statement acknowledging the incident and telling people what it was doing to fix the problem, VeriSign quietly buried the news in a quarterly Securities and Exchange Commission (SEC) filing as if it was just another routine matter. The company may have met its requirement to report the breach, but it should have done much, much more to make customers aware. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe