Easily digestible tech news... http://www.techdirt.com/ en-us http://www.techdirt.com/images/td-88x31.gifhttp://www.techdirt.com/ Tue, 19 Jan 2010 22:04:00 PST Mike Masnick http://www.techdirt.com/blog/innovation/articles/20100119/0312137807.shtml http://www.techdirt.com/blog/innovation/articles/20100119/0312137807.shtml no longer true, as other threats were becoming a much bigger deal. While that study seemed to use very different methodology, a new study is out that agrees that insiders are a much smaller threat, but notes that outside hacking surpassed "human error" as the cause of data breaches in 2009. While it's good that human error issues are decreasing as a percentage, is it worrisome that outside hack attacks are now becoming such a major problem? The good news in the data is that there were supposedly fewer reported attacks in 2009 (by a pretty large amount) compared to 2008 -- so one possible reading of the data is that people have been effective in preventing things like human error breaches much more often, which is what allowed outside hack attacks to take the lead on a percentage basis. However, with recent stories of things like China's hack attack on Google it seems like we'll be hearing more and more stories about these sorts of attacks for one important reason: in many (certainly not all) cases, they can be quite effective.

Permalink | Comments | Email This Story
]]> is-that-good-or-bad? http://www.techdirt.com/comment_rss.php?sid=20100119/0312137807 Tue, 26 May 2009 14:33:00 PDT Mike Masnick http://www.techdirt.com/articles/20090525/1818175001.shtml http://www.techdirt.com/articles/20090525/1818175001.shtml other organizations from doing investigative reporting -- and we've been seeing a growing range of new online publications that focus on investigative reporting and do a great job of it. But a separate point is that it's often really not the investigative reporters who uncover the story, but the folks involved in the news themselves -- and those folks rarely get credit for providing the info that makes the journalistic effort possible.

Over the weekend, the news came out that the NY Times actually had the Watergate story before Woodward and Bernstein at the Washington Post. The acting director of the FBI leaked it to the Times just before Mark Felt, the associate director of the FBI, leaked it to the Washington Post (and became immortalized as "Deep Throat"). As Jay Rosen points out, this really means the FBI "broke" the story just as much as Woodward and Bernstein did. If there's a story that needs to get out there, never underestimate the folks on the inside for leaking it to get it out there -- and then there will be no shortage of folks to help spread the news. Again (so people don't misinterpret this), I'm not saying investigative reporters aren't needed -- but that not all of the story comes from the reporters themselves. And, on top of that, there are a growing number of publications willing to pick up the slack.

Permalink | Comments | Email This Story
]]> investigative-journalism-at-work... http://www.techdirt.com/comment_rss.php?sid=20090525/1818175001 Thu, 19 Feb 2009 00:32:21 PST Carlo Longino http://www.techdirt.com/articles/20090217/1230433801.shtml http://www.techdirt.com/articles/20090217/1230433801.shtml are on the rise as the economy churns out more and more disgruntled and/or desperate laid-off workers. Combine this with the high number of data breaches that are blamed on human error, and it's clear that the human factor remains a big problem in IT security. Technology often gets the blame for data breaches and leaks, but it's important to remember that in many cases, it's the implementation of the technology, or the policies behind it, that are to blame. For instance, in the massive TJX breach, a lot was made of the fact that the company's WiFi network was protected only by the easily cracked WEP security standard. But somewhere along the line, a human decision was made not to upgrade to something stronger, while another decision was made to transmit credit-card data without encryption. Whether it's simple incompetence or malicious activity, humans often surpass technology as the weakest link in the security chain.

Permalink | Comments | Email This Story
]]> the-human-factor http://www.techdirt.com/comment_rss.php?sid=20090217/1230433801 Tue, 15 Jul 2008 12:07:04 PDT Mike Masnick http://www.techdirt.com/articles/20080715/1138381689.shtml http://www.techdirt.com/articles/20080715/1138381689.shtml disgruntled tech worker who has planted some sort of trojan in a computer network that lets him shut down or destroy the network. The latest just happens to be an employee from the city of San Francisco, and the computer system happens to be its new multi-million dollar system. Even though the guy is now sitting in jail, he's apparently refused to hand over the administrative password needed to regain control over the system. Right now, it appears that he's been able to lock other top administrators out of the system, and officials are afraid that he's actually opened up access to someone else (though that might just be fear mongering). As for what's on the system? "Officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings" among other things. Just a reminder that while insiders may not be the biggest threat to computer networks, they can still be a threat.

Permalink | Comments | Email This Story
]]> those-disgruntled-workers http://www.techdirt.com/comment_rss.php?sid=20080715/1138381689 Tue, 17 Jun 2008 22:50:00 PDT Mike Masnick http://www.techdirt.com/articles/20080616/0717011416.shtml http://www.techdirt.com/articles/20080616/0717011416.shtml less than one in five security breaches were due to insiders. Business partners are nearly twice as likely to be the cause of an attack, and then outside hack attacks are the largest threat. Of course, what isn't explained is whether or not the earlier data was just wrong -- or if something has changed over the last few years (more outside hacking, better controls on employees, etc.). That would probably be a lot more interesting and useful than just knowing the percentages.

Permalink | Comments | Email This Story
]]> but-why? http://www.techdirt.com/comment_rss.php?sid=20080616/0717011416