Data Breach

Equifax and the Precedent Set by the Media

With all of the coverage, it’s really not worth recapping the entire Equifax breach and how disastrous it is and likely will be for American adults for years to come. Of course, this all depends on who reaped the reward and what their intentions are… There will be plenty of speculation in the weeks to follow, and hopefully a glimmer of factual evidence will be included. What I do want to talk about is the picture painted by the media of Equifax’s security leadership, Susan Mauldin, whose qualification as Equifax’s Chief Information Security Officer is being scrutinized because of Susan’s education. Let me preface this post with: I do not know Susan Mauldin. I have never met Susan Mauldin. I have absolutely no clue whether she is qualified or not… but neither do you. I typically do not feel compelled to write an opinionated post on such a topic, but in this case, I felt it to be necessary. Why? Because this is an industry that is thirsty for talent, and after working in InfoSec for years, I have met many amazing (talented) people. When I say, “amazing,” I mean – I would not be where I am today without…

Sony Hack – FireEye Claims They Are Not At Fault… Sounds Phishy ;)

If you haven’t heard about the Sony hack (#SonyHack), you are most likely living under a rock. Every news outlet under the sun has been reporting on the breach for just over a week now. The data that has been leaked so far has experts estimating the damage has already exceeded $100 million, and in the midst of all of this, hacked e-mails between big shot producers and Sony Pictures execs have Hollywood tearing each other limb from limb. In response to the attack, Sony has been working with the FBI, and they have recruited premier incident response service Mandiant (purchased by FireEye in January of this year). ArsTechnica recently published an article regarding a letter from Kevin Mandia (head and founder of Mandiant) that basically states that Sony is blameless for the attack, that the attackers used “non-standard strategies”, and that the attack was unprecedented. Coming from such a well-respected authority, it appears to be an attempt to eliminate or limit Sony’s liability on the matter, but statements like these don’t come without backlash… especially from the security community. Maybe this letter wasn’t to limit Sony’s liability, but instead, it was intended to protect the reputation of FireEye?

Doesn’t Sound Right

“Non-standard…