Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
4/25/2019 | 8:50:11 AM
Re: Correlation or Causality
Here we go - discussion has gone off the rails for technical issue and become more general.  Regret this, Linkedin is going political and so is this thread.  But there is a huge difference between 5 hours and 5 days. 
PaulV972
50%
50%
PaulV972,
User Rank: Strategist
4/24/2019 | 6:04:06 PM
Correlation or Causality
If one believes that Trump's challenge triggered the Russian's actions, it should be terrifying that they could gain full access within 5 hours. 

Once agin, we've gone beyond absurd.  I for one welcome the day when our Gov't and our Politicians take a matter like information security seriously.  Sadly, the dumb show about Facebook is a useful distraction from the failngs of the government to NOT collect obscene amounts of data on their citizens, abuse access to that data, or purely secure that data from outside influences.

I suspect that element that upset the policians most was that their campaign didn't have access. 

 

 
bwilkes8@gmail.com
100%
0%
[email protected],
User Rank: Moderator
4/24/2019 | 9:11:15 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
Point - individuals within the Clinton Campaign should have been more aware of phishing attempts, especially the campaign manager.

Point - individuals within the Clinton Campaign should have been reminded or even briefed basic security practices.

The report does not go into detail about what those individuals did other than to say they all opened phishing emails.  Vigilance was not part of their protocol.
bwilkes8@gmail.com
100%
0%
[email protected],
User Rank: Moderator
4/24/2019 | 9:06:39 AM
Re: Poor Editorial Choice
The actual time period is five days not five hours, which is stated in the Mueller Report.
RonR726
100%
0%
RonR726,
User Rank: Strategist
4/24/2019 | 8:56:10 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
If you are seeking a forensic analysis, look no furhter than Bill Binney's assessment who concluded:

Former NSA experts say it wasn't a hack at all, but a leak—


Hard science now demonstrates it was a leak—a download executed locally with a memory key or a similarly portable data-storage device. In short, it was an inside job by someone with access to the DNC's system.
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
4/24/2019 | 8:29:23 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
Interesting but I would consult more directed source books on cybersecurity - doubt Mueller gets into testing requirements for CIISP cert. 
bwilkes8@gmail.com
0%
100%
[email protected],
User Rank: Moderator
4/23/2019 | 10:26:37 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
I've finished Volume I of the "Mueller Report" and there are many teaching points that cybersecurity professionals can use for points of education to end-users.

As someone who is wanting to learn more about cybersecurity this volume of the report is textbook material justifying IT secuirty training within the workplace. 
AndrewfOP
100%
0%
AndrewfOP,
User Rank: Moderator
4/23/2019 | 9:45:25 AM
Poor Editorial Choice
All news organization engaged in attention-grabbing headlines.  This article is not only the norm, but also pushes the boundary.  The relevant content for the headline did not appear until the last paragraph and even then, it barely has more information than the headline.  The headline description at most should be part of the lead sentence, and regardless of the headline problem, there should be more elaboration of the five hour hack.  Terrible execution overall.

 
PanamaVet
100%
0%
PanamaVet,
User Rank: Strategist
4/23/2019 | 8:45:01 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
 Well said.  The content of the article does not validate the headline.

I believe they underestimate their audience.

I fully support their rights to free speech in the USA.

I am free to choose where I go for trustworth information security content.

I dropped an email to a friend of mine in sales at Cylance asking if they know about this editorial shift at DarkReading.  I know they take their marketing strategy seriously.  I included a link to this article. 

 

I have seen other technology publishers make the switch to politics.  I don't want my friends to suffer because of it.

The problem in this case is not just politics.  It is the inability to draw a reliable conclusion that includes the editorial hierarchy.  It is sensational misinformation on the front page.

 

 

 

 

 

 

 

 
bwilkes8@gmail.com
100%
0%
[email protected],
User Rank: Moderator
4/22/2019 | 9:56:32 AM
Russia Hacked Clinton's Computers Five Hours After Trump's Call
This article should address

- Use of spearphishing

- Lack of IT security training

- Patterns of hacking

However, its title is inaccurate based upon the report's content and its subject matter tarnishes this sites creditbility. 
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5669
PUBLISHED: 2021-10-26
Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-40343
PUBLISHED: 2021-10-26
An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user.
CVE-2021-40344
PUBLISHED: 2021-10-26
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution.
CVE-2021-40345
PUBLISHED: 2021-10-26
An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands.
CVE-2021-42343
PUBLISHED: 2021-10-26
An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (ty...