The Slow ... Slow timeline of data breach reporting

The Internet works fast. I post something, and it can be spread around the world in less than a second. But when it comes to data breaches, news from the source of the breach can travel quite slowly.

So today I received an email telling me what I already know:

So, that was nine days for them to discover it and send the details out to me. In the meantime I have managed to post a few articles related to it:

and I managed to present some analysis of the hack to audiences. One thing I have learnt in the last week is that so many people have had problems with their LinkedIn account being compromised, or have received emails telling them that there had been suspicious activity on their account. At the end of my presentation in Glasgow last week, I had a line of people waiting to show me their LinkedIn security problems.

The email sent is fairly bland, and doesn't reveal anything that was not already known. It does mention that the intruders obtained the hashed passwords of users, but fails to state that the password hashes were not salted:

Member email addresses, hashed passwords, and LinkedIn member IDs (an internal identifier LinkedIn assigns to each member profile) from 2012.

If you want an introduction to Incident Response, you can view it here:

Conclusions

While small companies will always struggle to find the resources to investigate a breach, there is no excuse for large companies, which should have the expertise to investigate an incident and report on it in a clear and concise manner. I managed to post several articles and gave presentations on the breach update before they even told me that it had happened.

I think ALL companies should release details of their password management systems, including whether the passwords are hashed, and if they are salted. Companies can also state whether they use more advanced measures, such as storing the salt value in a separate database, and implementing multifactor authentication. Only then will users know if their details are being stored in a secure manner.
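To make the hashed-versus-salted distinction concrete, here is an added example (my own illustration, not code from LinkedIn or from the original post) that builds a small password store both ways and shows why the missing salt matters. It uses constructed sample users, SHA-256 for the unsalted case and PBKDF2-HMAC-SHA256 for the salted case; both algorithm choices are assumptions for illustration, as the post only says the hashes were unsalted.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample data (not from the breach): two members who happen to use
# the same password, which is common in any large user base.
SAMPLE_USERS = {
    "alice@example.com": "correct horse battery staple",
    "bob@example.com": "correct horse battery staple",
    "carol@example.com": "Tr0ub4dor&3",
}

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune to your own hardware


def unsalted_hash(password: str) -> str:
    """The weak scheme: a plain hash of the password with no per-user salt.
    SHA-256 is used only to illustrate; the weakness is the missing salt,
    not the particular hash function."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """The stronger scheme: a random per-user salt plus a slow KDF
    (PBKDF2-HMAC-SHA256, an assumed choice). Returns (salt, hex digest)
    so that both can be stored alongside the user record."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, dk.hex()


def verify_salted(password: str, salt: bytes, stored_hex: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored_hex)


def build_unsalted_store(users: Dict[str, str]) -> Dict[str, str]:
    return {email: unsalted_hash(pw) for email, pw in users.items()}


def build_salted_store(users: Dict[str, str]) -> Dict[str, Tuple[bytes, str]]:
    return {email: salted_hash(pw) for email, pw in users.items()}


def shared_hash_groups(unsalted_store: Dict[str, str]) -> List[List[str]]:
    """Group users whose stored hashes are identical. With no salt, equal
    passwords give equal hashes, so a leaked table reveals who shares a
    password and one precomputed lookup table covers every user at once."""
    by_hash: Dict[str, List[str]] = {}
    for email, digest in unsalted_store.items():
        by_hash.setdefault(digest, []).append(email)
    return [sorted(group) for group in by_hash.values() if len(group) > 1]


def salted_hashes_all_distinct(salted_store: Dict[str, Tuple[bytes, str]]) -> bool:
    """With per-user salts, even identical passwords produce distinct digests."""
    digests = [digest for _, digest in salted_store.values()]
    return len(set(digests)) == len(digests)


if __name__ == "__main__":
    unsalted = build_unsalted_store(SAMPLE_USERS)
    print("Users sharing an unsalted hash:", shared_hash_groups(unsalted))
    salted = build_salted_store(SAMPLE_USERS)
    print("All salted digests distinct:", salted_hashes_all_distinct(salted))
    salt, digest = salted["alice@example.com"]
    print("Login with right password:", verify_salted(SAMPLE_USERS["alice@example.com"], salt, digest))
    print("Login with wrong password:", verify_salted("wrong", salt, digest))
```

Run as a script, the unsalted store shows alice and bob grouped together because their identical passwords produce identical digests, while the salted store yields three distinct digests and still verifies the correct password. This is exactly the property a company's disclosure should let users check: whether a leaked table exposes every shared password at once, or forces separate work per user.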

Large companies thus need to be much faster in terms of their incident response, and need to quickly understand the scope of a breach, and report back to their customers. They should also make sure that their CEO is well primed, or this can happen:
