Stupidity trumps security

Friday, 2 May 2003, 11:38 AM EST

The attorney I was chatting with over coffee smiled and then launched into what could only be called a horror story -- at least if you were her client. "My client's soon-to-be-ex-wife apparently wanted to get back at him," explained the attorney, one of the top divorce lawyers on the east coast. "So she got into his office somehow and then used his assistant's computer to send an e-mail message to everyone in the company telling of his affair with one of his coworkers."

We chatted longer, my friend telling of the pain the e-mail caused her client. But I wondered how any company could have security so lax that an outsider could sneak in and send an e-mail to the entire company. Didn't the managers of the company know that they had a responsibility to ensure the privacy of their customers and other employees, as well as to safeguard information critical to the running of the company? Apparently not.

I thought through all of the security holes the scorned wife apparently exploited. First, there was no physical security, or she would never have been able to get into the area with the computers. Second, she was able to get into an employee's e-mail account without knowing any passwords. And third, how was it that she was able to create a message to all of the other employees without knowing who they were?

[ Read more ]




Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //