politicians and "doing the right thing"?
EU means European Union, not European Utopia
The European Parliament network has fallen under cyber-attack, leading to a suspension of webmail and other security restrictions. The assault, which has led to the suspension of webmail access in Strasbourg, comes after attacks against the European Commission and the External Action Service networks. The Parliament and the …
Verified Microkernels? Mandatory Access Control?
Please let me know which one of those actually provides a webmail interface. I'm sure they could get someone like BAe to build them a lovely mil-spec mail system for a few billion euros, given a decade or so (disclaimer: system may not be lovely or functional), but in the short term it is largely impractical to protect a large, complex, distributed system intended for use by totally non-technical people against skilled, intelligent, resourceful attackers.
There's not a system in the world that will protect a bureaucracy against the carelessness and thoughtlessness of users who are more interested in *using* the system than jumping through security hoops. Virtualisation and fancy programming languages will not fix this.
"experts at Microsoft and McAfee are puzzling over the attack"
Well don't hold your breath, they will be puzzling for a very long time. These two companies know almost nothing about effective security.
As another poster said, why doesn't the EU engage with European IT professionals and companies, for goodness' sake?
"don't hold your breath"
Indeed, especially in the latter case, since it is now clear that their website has security flaws in it that allow scripting attacks. I've never used them, though they've been popular amongst IT support teams in academic institutions where I've worked.
Errr.... has anyone seen a SMART NEUKlearer HyperRadioProActive Robot . I think one has escaped and may have gone over to the tempting dark side for some hot trick action in a perfectly stealthy trojan horse vehicle? ....... http://forums.theregister.co.uk/forum/1/2011/03/31/quantum_dual_robotics/
Many a true word is spoken in jest, Luther B., and if you can do anything, is everything possible, but that is not to say that one does everything whenever anything odd happens.
"I'm not sure... that you really are from Mars." .... IMVHO Posted Friday 1st April 2011 08:53 GMT
Thank you for that, IMVHO, ..... it is proof positive of stealth working extremely well.
Pssst! ..... I'd keep those thoughts to yourself, IMVHO, for anyone not knowing what is going on, would maybe think you were surely crazy.
Indeed. Until you've worked inside a large international organisation, you would be amazed at their internal IT security.
Excluding the webmail problem, which I think is the least of their problems, there are ways to avoid APT, but they require more than security products; they require knowledge of what you are fighting against and especially management support in order to implement drastic changes to the way people work.
And don't be too hasty to point the finger at the fat Eurocrats. Everyone is concerned by this, the only issue is to make them aware of it.
I think there have been similar attacks on other international agencies - the webmail access at the World Bank was also taken down for a while after a cyber-attack (reportedly).
They use Lotus Notes, but for external consultants the webmail interface was the only option. When webmail access was discontinued, they sent out notifications - via the same system so no-one who actually needed to know could find out......