"Andy Greenberg’s compelling account points to a future in which few corporate and government secrets are safe". This is gonna be well worth a read, covers wikileaks, anonymous & loads of other important stuff: http://thismachinekillssecrets.com/
Over 10 years ago I prepared a security plan for major Health Science Center. One of the statements I made was : " if you really want to keep a secret, do not connect to the Internet". Another was to configure all the machines without USB ports and don't allow any external data storage or wireless devices in house. Were these suggestions accepted? Of course not.
That is kinda drastic, although it makes sense. Best thing to do is keep any critically confidential info on a separate, secured server that only is connected via LAN to specific computers. Anybody wanting info can get it via old fashioned print out. Hard to hack a print out, although not impossible.
The internet was not designed with security in mind, since it was mainly intended to serve for military communication during wartime, not for commerce and entertainment. I hope that security problems in the design will be addressed in future versions of IP. Security is not something you can just tack on as an afterthought, it's something that permeates the entire design.
Got to agree with that. Frankly, I am appalled at the ease with which organizations who "ought to know better" are being hacked. Either the IT industry is falsely confident or the management of these organizations just doesn't want to spend the money or exercise the discipline good security requires.
and also because the IT savvy younger crowd has not quite taken over from the retiring grey-hairs who don't have a fucking clue because they grew up with gestetner, snail mail, and fax technologies
Management doesn't understand that security has to go in from the start, and gives it backburner priority. "Get it up and running, and we can tighten it up later." "It's running? Okay, I'm moving you over to the other project. We need that done right away. Once that's done, you can finish off the security." "Something just came up that has top priority." "Something just came up that has top priority.." "Something just came up that has top priority..." ... "Those security changes will cause too much disruption of our operations, so we're going to hold off for now." "We've been hacked?! OMG, why didn't we have security in place to stop it?"
