Scary stuff

This article over at Government Executive is pretty damn scary if you ask me.

In a nutshell the Pentagon was hacked with a known vulnerability, no one noticed for two months that malware was jumping from box to box in a spoofed email collecting information.  They only noticed during some schedule IT restructuring and not with any of their security devices.

“It made a big difference” in securing the OSD network, which currently gets 70,000 malicious attempts at access a day, Clem said.

If this is true, out of the 70,000 malicious events they see a day.  One, that used a known vulnerability got through.  Does the Pentagon not patch their systems?  I know many enterprises take up to a month (sometimes longer) to get patches tested and rolled out but one would think that the Pentagon would be a little more aggressive.  Apparently not.  One would think that the Pentagon would be filtering email and perhaps running some sort of IPS.  Apparently not.  Or if they are, perhaps someone over at the Pentagon needs to read my earlier blog post.

Another good read on this is over here and of course no article would be complete without accusing the Chinese of being the attacker.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: