My brief take on a funny, unfortunate but true security incident I came across over the weekend.
The French TV5Monde television station was hacked last week by entities sympathetic to Islamic State. The hack led to a complete outage of the TV station’s website and all its social networks. This was a major blow to a media organization whose programs are broadcast in more than 200 countries.
The day following the hacking incident, TV5Monde aired a live discussion of the hacking incident with a journalist. During this live interview, several pieces of paper with passwords written on them were clearly visible in the background of the journalist. Among the list of passwords inadvertently shown to their worldwide audience was the password to TV5Monde’s youtube account.
TV5Monde has since changed the passwords and apologized for the ‘blunder’.
Here’s a couple of lessons for IT leaders from this ‘faux pas’
– Never write passwords down. If this can’t be avoided, have the written passwords kept in a physically locked space and not in plastered on a wall for everyone to see.
– Implement 2 factor authentication. So even if passwords are accidentally leaked, they have no value until they are changed.
– IT Security has to be ingrained in the corporate culture. Everyone is corporately responsible for keeping the organization secure. Send all associates on formal security training classes, offer them online self-paced classes or give them time off credits for taking cybersecurity classes such as the ones on Coursera
Have a great week and stay secure!
Patch or Perish – Lessons of WannaCry Ransomware
Last week, we saw one of the largest ransomware incidents in recent memory. Dubbed as WannaCry (also WannaCrypt, Wanna Decryptor), at this time, this malware is known to have infected over 230,000 computers in 150 countries. While…
- May 15 , 2017
The (North American) Internet Runs out of Addresses
Background American Registry for Internet Numbers (ARIN) announced earlier this week that they have officially exhausted IPv4 addresses. ARIN is the official organization tasked with providing unique network addresses to organizations that need to have a presence on…
- Sep 30 , 2015