Welcome back to Head in the Clouds, our ongoing blog of interesting web articles we’ve noticed, with a focus on cloud computing and security. With all the information constantly thrown your way, why not see what CloudLock has been reading, found compelling, or thinks is worth a look?
Today, we’re looking at Xbox Live hackers getting arrested, a list of your passwords, and employees going rogue.
Roguelike – The employee edition
This week I’m starting with a story that lands nicely in our own corner of the information security world. A survey of 1000 office workers at large companies finds that 20% of employees have intentionally uploaded corporate information to personal accounts to share outside their company. Additionally, over 25% of those surveyed admitted they’d take corporate data when leaving the company.
Just as cloud computing makes the entire process of working in today’s hyperconnected world easier, it brings up new challenges that we have to address with advanced security policies and employee training. Protecting your corporate data from the internal shadow IT threat is just as important as protecting it from the external threats we hear about on the nightly news, especially if your employees might not see it as a security issue.
Lizards? In my Xbox?
For those of you with kids, or those of you who are giant gaming dorks like me, you might have noticed the PSN and Xbox Live issues over the last month, including a significant outage on Christmas. Nothing like dropping $500 on a device that can’t get online, all because of some script kiddies named Lizard Squad.
For those of you who love the delicious flavor of justice, Brian Krebs has an article about Lizard Squad members being arrested. As a DDoS-for-hire group, they apparently pocketed over $11,000 in bitcoins to attack various sites, but the high-profile attack on Xbox and PSN, and their subsequent Twitter boasting, ended up being their downfall.
Also in the justice category: some white hat (or perhaps more grey) hackers are now attacking Lizard Squad’s website, in a revenge slash justice attempt.
From a publicity stance, attacking services that technical people use and enjoy is kind of genius, as you’re guaranteed to get some buzz, but as this story shows – once they realize what you’re doing, and they dust off their own devices, they’re coming back for you. With the FBI in tow.
What do you mean ‘password’ as a password isn’t secure?
Sit down everyone, this is shocking. Passwords are still incredibly insecure, and the most popular ones are as horrible as you’d imagine. SplashData has released its annual list of the Worst Passwords, and it’s just as horrible this year.
Now, granted, those of you who are reading a blog about security on a website for a company that focuses on security are probably not using any of these (I hope), but there’s nothing like a good cautionary tale to see what the average password user out there is throwing together.
I think we’ll eventually evolve our infrastructure past the need for passwords, but until then – ask your parents and grandparents to update from QWERTY please?
That’s it for HitC this week. We’ll be back next week with more interesting web goodies to read when PSN is down.