Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

NYT hack initiated through third party services

Imperva : 29 August, 2013  (Technical Article)
Imperva comments on the hacking of the New York Times with reference to the role played by 3rd party service providers such as the ISP
NYT hack initiated through third party services

In response to news of the New York Time hack, Barry Shteiman, Senior Security Strategist at Imperva provided the following comments: Based on available resources, the New York Times hack is in fact a DNS service breach. If you go directly to NYT via their IP Address, the site is up and running. This is unfortunately a validation to a prolonged security problem inherited in the way that companies rely on 3rd party public services to conduct their business. While a company like NYT may be able to secure their own platforms, harden their systems and regularly check for vulnerable components on premises – it is a much harder practice when some of that infrastructure is provided by a third party like an ISP or a DNS Hoster.

At some point, CIO’s need to realize that critical pieces of their online entities are controlled by vendors, and that security policies should apply to them as well.

Companies should create contingency plans, and check the security measurements taken by their 3rd party content and infrastructure providers. A DNS is unfortunately, a great example.

It makes lots of sense for a Hacktivist group that wishes to display their message and show that they exist – to go after high end media. The Syrian Electronic Army have been actively hacking Twitter accounts of news sites and have recently escalated to hacking into the websites themselves to create awareness. This is in an essence, what Hacktivism is. There is no profit involved however making all of us aware of the Syrian rebellion is their goal. The Syrian Electronic Army is very successful in creating the awareness that they are after.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo