Note to Fannie Mae: Dealing with Logic Bombs

Today, it was revealed that a departing contractor left Fannie Mae with a parting gift – a Logic Bomb designed to take 4000 of the financial giants servers & their data. Since this news broke, a number of concerned CIOs have requested my team for some guidance on how to deal with logic bombs. So here is a quick lesson on these malicious attacks. Read more…

Akshay Aggarwal
Practice Manager (North America & Latam)

Comments

• Anonymous
  January 31, 2009
  PingBack from http://www.anith.com/?p=4159
• Anonymous
  February 03, 2009
  The detailed FBI report about the incident is an interesting read. It would have been a real catastrophe had the script got executed. Lucky Fannie Mae :-)One question though.. Do you think such a security design, where in one individual, if he desires, is allowed log on to and run a destructive code on all those 4000+ systems.Also, some intergrity checking of the script files ( like MD5) just before initialization would be a nice idea( Agree to the fact that some one with sufficient access rights will be able to manipulate the checksum database too :-( )
• Anonymous
  February 04, 2009
  Thanks for the post !The FBI Report on the Fannie Mae incident is a good read. It really surprises that one individual has  access to 4000+ systems with administrative rights. Is such a flat security design suggested ?Also, wouldn't it be a nice practice to checksum the original critcal script files and verifying the scripts against the stored/protected checksums those checksum before initiating.
• Anonymous
  February 07, 2009
  The comment has been removed