14 Enterprise Security Tips From Anonymous Hacker

  /     /     /  
Publicated : 22/11/2024   Category : security


14 Enterprise Security Tips From Anonymous Hacker


Former Anonymous member SparkyBlaze advises companies on how to avoid massive data breaches.



Want to avoid large-scale data breaches of the type served up by hacking group Anonymous, and its LulzSec and AntiSec offshoots? Start by paying attention to the security basics, including hiring good people and training employees to be security-savvy.
Information security is a mess. ... Companies dont want to spend the time/money on computer security because they dont think it matters, said ex-Anonymous hacker SparkyBlaze, in an exclusive
interview
with Ciscos Jason Lackey, published on Ciscos website Tuesday.
Accordingly, whats the best way for businesses to improve the effectiveness of their information security efforts? SparkyBlaze offered 14 tips, ranging from using defense-in-depth and a strict information security policy; regularly contracting with an
outside firm
to audit corporate security; and hiring system administrators who understand security. Also encrypt data--something like AE-256, he said--and keep an eye on what information you are letting out into the public domain.
Other best practices: use an
intrusion prevention system
or
intrustion detection system
to detect unusual network activity. Employ good physical security too, he said, to ensure no one routes around your information security measures by simply walking through the front door. Finally, pay attention to employees security habits and keep them briefed on the threat of social engineering attacks, since all it takes is one person opening a malicious attachment to trigger a data breach of
RSA-scale proportions
.
While SparkyBlazes back-to-basics guidance isnt new, it bears repeating given the number of data breaches and releases
executed by hacktivist groups
in recent months. According to security experts, these attacks arent necessarily
highly sophisticated
, and most dont make use of so-called
advanced persistent threats
. Rather, attackers often exploit common vulnerabilities or misconfigurations in Web applications, just as theyve done for years.
SparkyBlaze defected from Anonymous earlier this month, saying via a
Pastebin post
that he was fed up with Anon putting peoples data online and then claiming to be the big heroes. As that suggests, theres no clear and easy definition of what constitutes hacktivism. Even so, the scope creep in the type of data collected and released by Anonymous and its offshoots is evidently turning some people away from the collective.
I love hacking and I believe in free speech and anti-censorship, so putting both together was easy for me. I feel that it is ok if you are attacking the governments. Getting files and giving them to WikiLeaks, that sort of thing, that does hurt governments, said SparkyBlaze to Ciscos Lackey.
But in his Pastebin post, SparkyBlaze said that AntiSec and LulzSec had increasingly been operating against the supposed mission statement of Anonymous, which was ostensibly formed to keep governments accountable. AntiSec has released gig after gig of innocent peoples information. For what? What did they do? Does Anon have the right to remove the anonymity of innocent people? They are always talking about peoples right to remain anonymous so why are they removing that right?
On a related note, the raison detre of Anonymous--WikiLeaks--appears to have lately suffered its own data breach, or at least loss of data control. On Monday, German weekly news magazine
Der Spiegel

reported
that a file posted by WikiLeaks supporters to the Internet included concealed, password-protected, and unexpurgated versions of the 251,000 U.S. State Department cables that
WikiLeaks released
--with many sources omitted--in November 2010.
Through a somewhat circuitous sequence of events, possibly involving personnel disagreements inside WikiLeaks, the
existence
of a 1.73-GB cables.csv file, which contains the uncensored cables and which is protected by a password, became publicly known. Furthermore, thanks to an external contact of WikiLeaks, according to
Der Spiegel
, the password was also publicly disclosed, enabling the file to be unlocked.
But in a
statement on Twitter
, WikiLeaks disputed responsibility for the leak: There has been no leak at WikiLeaks. The issue relates to a mainstream media partner and a malicious individual. WikiLeaks, however, didnt name either.
The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Heres how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own companys security ignores the bigger picture.
Download it now
. (Free registration required.)

Last News

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
14 Enterprise Security Tips From Anonymous Hacker