Today, it was revealed that a departing contractor left Fannie Mae with a parting gift – a Logic Bomb designed to take down 4000 of the financial giant's servers & their data. Since this news broke, a number of concerned CIOs have asked my team for some guidance on how to deal with logic bombs. So here is a quick lesson on these malicious attacks.
Akshay Aggarwal
Practice Manager (North America & Latam)
Comments
- Anonymous
January 31, 2009
PingBack from http://www.anith.com/?p=4159
- Anonymous
February 03, 2009
The detailed FBI report about the incident is an interesting read. It would have been a real catastrophe had the script got executed. Lucky Fannie Mae :-) One question though.. Do you think such a security design, wherein one individual, if he desires, is allowed to log on to and run destructive code on all those 4000+ systems. Also, some integrity checking of the script files (like MD5) just before initialization would be a nice idea (agree to the fact that someone with sufficient access rights will be able to manipulate the checksum database too :-( )
- Anonymous
February 04, 2009
Thanks for the post! The FBI Report on the Fannie Mae incident is a good read. It is really surprising that one individual has access to 4000+ systems with administrative rights. Is such a flat security design suggested? Also, wouldn't it be a nice practice to checksum the original critical script files and verify the scripts against the stored/protected checksums before initiating?
- Anonymous
February 07, 2009
The comment has been removed