## FinFisher: the problem with the hack - what went wrong and what was done right

* you are as safe as the weakest part of your infrastructure. (0/5)

The helpdesk, and probably the helpdesk software, was the weakest part. But because the helpdesk had access to the rest of the network, or to a server on which all kinds of technical and other files had been placed to do the job, the risk of being hacked was much greater than they had ever imagined.

How safe is your helpdesk interface, and to what does it have access?

* only full encryption is real encryption (3/5)

If you start choosing which files on a server you want to encrypt, you are not only losing time but also creating new problems. Only when everything is encrypted does it make no sense at all to extract any information, provided you use professional encryption software and you don't keep the key on the server or anywhere it can be found. It is strange, for example, that they didn't encrypt their code.

* if you lose 40 GB of information you are not really a secure company (0/5)

It is strange that people declare they are safe, that they have security people and millions in security hardware, logging and controls, but that nobody actually looks at what is happening on the servers and on that security front line.

* the less data you have the less data you can lose (0/5)

I don't understand why you need files from 2012 on your helpdesk server, because they can't be of any use in 2014. Old data should be automatically archived or transferred elsewhere.

* double authentication closes the box (0/5)

Let them steal all the data, let them even break the encryption: as long as a second factor is needed to be able to read any file (and this is not a password on a folder but a USB stick, a fingerprint or whatever), having to present it to open the file closes things down beyond the breaking point.


I also think the hacker was in a hurry (to do it before Black Hat, I suppose) and that he didn't try to get beyond the helpdesk server (where there was probably much more interesting information), or didn't try to get credentials with which he could break into the mailboxes (which are nearly never encrypted).

He missed an opportunity here to really make a difference.


The real difference will be if we get the public key or a way to break the encryption, because if the encryption is broken an enormous number of new files becomes available.