Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
REISEN1955
REISEN1955,
 User Rank: Ninja
4/25/2019 | 8:50:11 AM
Re: Correlation or Causality
Here we go - discussion has gone off the rails for technical issue and become more general.  Regret this, Linkedin is going political and so is this thread.  But there is a huge difference between 5 hours and 5 days. 
PaulV972
PaulV972,
 User Rank: Strategist
4/24/2019 | 6:04:06 PM
Correlation or Causality
If one believes that Trump's challenge triggered the Russian's actions, it should be terrifying that they could gain full access within 5 hours. 

Once agin, we've gone beyond absurd.  I for one welcome the day when our Gov't and our Politicians take a matter like information security seriously.  Sadly, the dumb show about Facebook is a useful distraction from the failngs of the government to NOT collect obscene amounts of data on their citizens, abuse access to that data, or purely secure that data from outside influences.

I suspect that element that upset the policians most was that their campaign didn't have access. 

 

 
bwilkes8@gmail.com
[email protected],
 User Rank: Moderator
4/24/2019 | 9:11:15 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
Point - individuals within the Clinton Campaign should have been more aware of phishing attempts, especially the campaign manager.

Point - individuals within the Clinton Campaign should have been reminded or even briefed basic security practices.

The report does not go into detail about what those individuals did other than to say they all opened phishing emails.  Vigilance was not part of their protocol.
bwilkes8@gmail.com
[email protected],
 User Rank: Moderator
4/24/2019 | 9:06:39 AM
Re: Poor Editorial Choice
The actual time period is five days not five hours, which is stated in the Mueller Report.
RonR726
RonR726,
 User Rank: Strategist
4/24/2019 | 8:56:10 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
If you are seeking a forensic analysis, look no furhter than Bill Binney's assessment who concluded:

Former NSA experts say it wasn't a hack at all, but a leak—


Hard science now demonstrates it was a leak—a download executed locally with a memory key or a similarly portable data-storage device. In short, it was an inside job by someone with access to the DNC's system.
REISEN1955
REISEN1955,
 User Rank: Ninja
4/24/2019 | 8:29:23 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
Interesting but I would consult more directed source books on cybersecurity - doubt Mueller gets into testing requirements for CIISP cert. 
bwilkes8@gmail.com
[email protected],
 User Rank: Moderator
4/23/2019 | 10:26:37 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
I've finished Volume I of the "Mueller Report" and there are many teaching points that cybersecurity professionals can use for points of education to end-users.

As someone who is wanting to learn more about cybersecurity this volume of the report is textbook material justifying IT secuirty training within the workplace. 
AndrewfOP
AndrewfOP,
 User Rank: Moderator
4/23/2019 | 9:45:25 AM
Poor Editorial Choice
All news organization engaged in attention-grabbing headlines.  This article is not only the norm, but also pushes the boundary.  The relevant content for the headline did not appear until the last paragraph and even then, it barely has more information than the headline.  The headline description at most should be part of the lead sentence, and regardless of the headline problem, there should be more elaboration of the five hour hack.  Terrible execution overall.

 
PanamaVet
PanamaVet,
 User Rank: Strategist
4/23/2019 | 8:45:01 AM
Re: Russia Hacked Clinton's Computers Five Hours After Trump's Call
 Well said.  The content of the article does not validate the headline.

I believe they underestimate their audience.

I fully support their rights to free speech in the USA.

I am free to choose where I go for trustworth information security content.

I dropped an email to a friend of mine in sales at Cylance asking if they know about this editorial shift at DarkReading.  I know they take their marketing strategy seriously.  I included a link to this article. 

 

I have seen other technology publishers make the switch to politics.  I don't want my friends to suffer because of it.

The problem in this case is not just politics.  It is the inability to draw a reliable conclusion that includes the editorial hierarchy.  It is sensational misinformation on the front page.

 

 

 

 

 

 

 

 
bwilkes8@gmail.com
[email protected],
 User Rank: Moderator
4/22/2019 | 9:56:32 AM
Russia Hacked Clinton's Computers Five Hours After Trump's Call
This article should address

- Use of spearphishing

- Lack of IT security training

- Patterns of hacking

However, its title is inaccurate based upon the report's content and its subject matter tarnishes this sites creditbility. 
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file