Call me cynical
"... a cache of 18,000 Social Security numbers was found on one of the infected PCs."
That sounds like the university was storing Social Security numbers without much security.
Penn State University has had to take networks in its school of engineering offline after falling victim to a malware attack traced partially to China. Acting on an FBI tip, the school found that PCs on the network of its College of Engineering were infected with malware that appeared to be trying to harvest research data and …
It is pointless to put much "security" on Social Security numbers. They are totally unsecure in the first place (and this is as it should be: they are just a form of catalog number, not something for identification and certainly not for authentication). The fact that they are used for identification and possibly authentication by various outfits is another problem.
Rationally, the highest level of security you would have on a batch of SSNs is the one you would put on a list of names.
"They are totally unsecure in the first place (and this is as it should be: they are just a form of catalog number, not something for identification and certainly not for authentication). "
You don't actually live in America do you, because you would know you can't do shit these days without giving out your SS number.
Contrary to popular belief, there is also no opt out.
Corporate America has made the SS number the default ID number. So have most government departments.
> You don't actually live in America do you, because you would know you can't do shit these days without giving out your SS number.
That's the effing point: If you give them to world&dog they are not secure. Using them for things they are not meant to be used for does not make them secure or worthy of high-level security measures. Read the link, Einstein.
Interesting coincidence that I'm currently reading Cyber War by Richard Clarke and Robert Knake. The main point is that the US probably has powerful offensive capabilities but almost NO defensive capabilities, which is amplified by our extreme reliance and even dependency on our computer networks.
In contrast, China is playing BOTH offense and defense. The Great Firewall of China is actually part of the defensive perimeter, not merely censorship. Private companies don't get to tell the government that network security might reduce their profits. Even more importantly, it's much harder for them to bribe politicians to look away from the problems.
This article should be regarded as another shot across the bow.
Just a mindless troll? Or you have a substantive point?
Perhaps I should be more precise.
American politicians can be legally and cheaply bribed and the practice is effectively universal. In light of so-called Citizens United and the quid pro quo interpretations of the SCOTUS, it's almost impossible to get in trouble that way. As Clarke's book put it on page 143 (writing before the google eclipsed Microsoft in lobbying): "Microsoft can buy a lot of spokesmen and lobbyists for a fraction of the cost of creating more secure systems." This was near the conclusion of a subsection called "Money Talks". (However, the book is not so old that the google is irrelevant... The authors don't see any connection to security? At least not in the first 2/3...)
In contrast, political bribery in China is expensive and risky. I don't have much data about the frequency or prevalence, but I do know that if the political winds start blowing the wrong way, your past bribery is one of the quickest and easiest ways to get shot.
> It kind'a made sense until I came across this sentence. At that point I stopped thinking
FTFY
"Hello, Mr Politician, we would like to make a large contribution to your election fund. By the way, there's this piece of legislation we would find very helpful to our business if it were enacted..."
America, the country that gave us the saying: "An honest politician is one that stays bought"!
> Cyber War by Richard Clarke
If you enter the bookstore and see stuff by Richard Clarke, make a large detour around the heap of self-serving alarmist claptrap.
> The Great Firewall of China is actually part of the defensive perimeter
Anyone who thinks that a "national router moat" is a good idea for playing "cyberdefense" is a few beers short of a sixpack.
Yes it is complete and utter bollox.
You only need to hack a company in HK with a VPN to a factory in China.... and you're inside the firewall...
Come to think of it.. just pop inside one of the cyber cafes in China, if you require a delivery system.
yep, we've been living in a glass house, and we've been throwing a lot of rocks at pretty much everyone on the planet the past couple decades.
To destroy is easy, to build is difficult. Unfortunately our national priorities have been almost entirely focused on doing the easy. We've got hackers, spies, lawyers, and government employees out the wazoo, but people doing actual export-grade engineering are rare now, and they are mostly not American.
When I was there, the College of Engineering had its main offices in Hammond Building. In a brilliant move, the College had students design its new HQ. They did a fine job except for one small detail. They forgot to do test bores for the foundation. Turned out the ground where they planned to build the 8 story structure wouldn't support it, and rejiggering the foundation so it would cost too much. So they sliced the building into pieces and laid them side by side. One interesting side effect was that you can't actually get to the middle rooms on the second floor from the first floor. You have to go to the third floor, walk to the middle and go down to the second.
From henceforth please use the term "Nutshacked" to describe the resulting situation of person(s)/organization(s) hacked by Chinese malware/govt etc. Please inform Oxford and other necessary parties.
Acceptable alternatives are "nutsacked" or "nenusa." The latter is a shortened version of "netnutsacked"