Comments on: Shell’s Data Breach: A Security Spill? http://www.gfi.com/blog/shells-data-breach-security-spill/?utm_source=rss&utm_medium=rss&utm_campaign=shells-data-breach-security-spill Brought to you by GFI Software Fri, 09 Aug 2013 12:13:46 +0000 hourly 1 By: Emmanuel Carabott http://www.gfi.com/blog/shells-data-breach-security-spill/comment-page-1/#comment-3737 Emmanuel Carabott Tue, 02 Mar 2010 15:42:32 +0000 http://www.gfi.com/blog/?p=1920#comment-3737 Yes I do agree it looks ugly for the NSA to suffer such an attack; however, one must understand that the NSA, just like any other organization is made up of people, lots of them I suspect, and even provided that the NSA does everything exactly as it preaches you still cannot control that one employee who, to cut corners because of tight deadlines or simply because he was still not very experienced, missed some sanitation code in the web application that he was developing and subsequently was unlucky enough that testing missed it as well.

Don’t get me wrong, you’re right, an SQL injection is like one of the most basic things you can ever face! It shouldn’t have slipped the developer and testing should have tried it out and found the flaw.

Let’s hope that events such as these help to educate people and help them grow. Security is a never ending process and a battle with the defender at a disadvantage. The defender needs to think about everything while the attacker needs only find one weakness.

]]> By: IT Ninja http://www.gfi.com/blog/shells-data-breach-security-spill/comment-page-1/#comment-3598 IT Ninja Fri, 26 Feb 2010 02:38:19 +0000 http://www.gfi.com/blog/?p=1920#comment-3598 Hi Emmanuel, as an ethical hacker (white hat) myself, I do agree that no system is perfectly safe specially on the internet but what simply stunned me the most was the facts behind the NSA attack. The NSA has been on top of security campaigns with its countless press releases but it cannot defend itself against a 8-year old technique that even a techie high-school kid can conduct? And now here’s more, NASA servers “live” vulnerabilities are listed on pinoysecurity too.

]]> By: Emmanuel Carabott http://www.gfi.com/blog/shells-data-breach-security-spill/comment-page-1/#comment-3403 Emmanuel Carabott Fri, 19 Feb 2010 13:12:14 +0000 http://www.gfi.com/blog/?p=1920#comment-3403 Hi IT Ninja, thank you for sharing this with us. I personally haven’t had heard of this event; however, after looking it up it was in fact reported sporadically here and there. Seems like they fell victim to SQL injection.

The thing is that no one is perfectly safe, everybody can get hacked. But I agree with you, downplaying the incident will serve no good purpose. Obviously you don’t need to make a fuss over it either but if you’re a victim of SQL injection then wouldn’t it be better to say that the issue was identified and fixed, rather than it’s no big deal that no data was stolen for example? (Of course you must make sure that you fix the issue before claiming that it is fixed) No one expects you to be perfect but I would worry if I think that a company that I do business with doesn’t see the danger for what it is, and by downplaying these types of incidents that’s what will happen.

]]> By: IT Ninja http://www.gfi.com/blog/shells-data-breach-security-spill/comment-page-1/#comment-3402 IT Ninja Fri, 19 Feb 2010 10:47:00 +0000 http://www.gfi.com/blog/?p=1920#comment-3402 btw, the National Security Agency was recently hacked. Yes hacked! But it was downplayed to the media for obvious shameful reasons. Here’s the link :

http://pinoysecurity.blogspot.com/2010/02/wwwnsagov-hacked.html

]]>