For little more than the price of a good lunch, the New York Times could have plugged the holes that left a hacker free to wander its internal network.
The paper is still investigating the incident in which a 21 year-old hacker was able to browse confidential information including details of celebrity contributors and lists of contacts shared by the paper’s reporting staff.
A report by Securityfocus.com identified misconfigured proxy servers as the most likely cause of the problem.
Professional services firm FailSafe added that whatever else the investigation reveals it is a timely reminder about the relative costs of prevention and cure.
Business development director Jocelyn Honeybunn said: “Even when there are no material losses sustained, what does something like this cost in terms of damage to the reputation of a business? By exposing details of contacts and contributors the newspaper not only damaged its standing in the eyes of readers but failed to meet the basic obligation of journalism to protect its sources.“
The New York Times is not the only organisation to ignore dangerous security holes.
“We know of one high street bank that had its firewall wide open for six weeks before anyone noticed anything was amiss,“ Honeybunn said.
“This is just another in a long sequence of embarrassing but completely avoidable incidents. Sometimes these are down to sloppy procedure. Sometimes they are the result of newly discovered vulnerabilities in web software. In either case they can be prevented by taking sensible precautions and by remaining vigilant.”
FailSafe performs one-off and continuous tests for vulnerabilities in corporate networks and claims the annual cost of mounting an effective defence ranges from a few hundred to a few thousand pounds.
FailSafe is a professional services company specialising in information security. Part of Mettoni Group Plc, FailSafe advises financial, legal and government institutions on all aspects of security policy and practice.
tel: 01628 604015
Interview opportunities available
This press release was distributed by ResponseSource Press Release Wire on behalf of Patterson Media Services (formerley ByLine Group) in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.