New York Times security software fails.

Author	All Replies
Triple Helix Go Blue Jays Go Premium join:2007-07-26 Oshawa, ON kudos:7 Reviews: ·Rogers Hi-Speed	New York Times security software fails. NEW YORK (CNNMoney) During a four-month long cyberattack by Chinese hackers on the New York Times, the company's antivirus software missed 44 of the 45 pieces of malware installed by attackers on the network. That's a stunning wake-up call to people and businesses who think they are fully protected by their antivirus software. "Even the most modern version of antivirus software doesn't give consumers or enterprises what they need to compete in the hacker world," said Dave Aitel, CEO of security consultancy Immunity. "It's just not as effective as it needs to be." The New York Times said it had an antivirus system from Symantec (SYMC, Fortune 500) installed on devices connected to its network. The Chinese hackers built custom malware to, among other things, retrieve the usernames and passwords of Times' reporters. Since that brand-new malware wasn't on Symantec's list of forbidden software, most of it was allowed to pass through undetected. Symantec responded that it offers more advanced solutions than the one the New York Times (NYT) deployed. »money.cnn.com/2013/01/31/technol···=cnn_bin TH -- Triple Helix - Microsoft® MVP Consumer Security 2012/13 VIP Member Of ASAP - (Alliance of Security Analysis Professionals™) Official Webroot SecureAnywhere (Prevx) Support Forum Helper. (H59 Clan)
	to forum · permalink · 2013-02-01 09:09:59 ·
AVD Respice, Adspice, Prospice Premium join:2003-02-06 Onion, NJ kudos:1	Standard anti malware is no defense against targeted payloads.
	to forum · permalink · 2013-02-01 10:02:37 ·
HELLFIRE join:2009-11-25 kudos:7	reply to Triple Helix And this is news... how? How long did Stuxnet, et al fly under the radar in Iran? Why shouldn't it be any different on this side of the pond? ....moral of the story, NOTHING on the computer can be trusted... go back to the old mainframe / client and/or terminal / batch computing model. Nuke and pave every 24 hours. No more cloud / BYOD / ubiquitious Internet... am I missing anything? Regards
	to forum · permalink · 2013-02-01 11:38:23 ·
jaykaykay 4 Ever Young Premium,MVM join:2000-04-13 Scottsdale, AZ kudos:22	reply to Triple Helix Remember, the only really secure system is one that has been hooked up using a scissors and rendering it unplugged!
	to forum · permalink · 2013-02-01 15:10:18 ·
cableties Premium join:2005-01-27	reply to AVD said by AVD: Standard anti malware is no defense against targeted payloads. Yup. 8 years ago, I recall having a Symantec AV server pushing updates to clients. one PC HDD after another was filling up. It was Symantec's AV client not deleting the definitions...after 4 months, 40+ GB of useless files filed 15 PCs... I bought new HDDs for the first 3 that had the issue (they were under-sized so...). But then, next few days, a pattern. Thankfully, a colleague had gone through this and pointed me to the OBSCURE update patched and procedures that Symantec employed. I got approval to dump the server software and not renew the contract (less than 100 clients/servers). I deployed Avast (cheap site license) to all the PCs along with SAS (superantispyware...MBAM was not around then). Never an infection or intrusion. Plus having Fireguard and using OpenDNS (before they went commercial for biz), it was no-brainer. -- Splat
	to forum · permalink · 2013-02-01 15:21:37 ·
rcdailey Dragoonfly Premium join:2005-03-29 Rialto, CA	reply to jaykaykay Likewise, a computer with a fried motherboard, a seized hard drive, or a dead power supply is not vulnerable. It's useless, but not vulnerable. -- It is easier for a camel to put on a bikini than an old man to thread a needle.
	to forum · permalink · 2013-02-01 15:41:36 ·
Triple Helix Go Blue Jays Go Premium join:2007-07-26 Oshawa, ON kudos:7 Reviews: ·Rogers Hi-Speed	reply to Triple Helix Hackers in China Attacked The Times for Last 4 Months SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees. After surreptitiously tracking the intruders to study their movements and help erect better defenses to block them, The Times and computer security experts have expelled the attackers and kept them from breaking back in. The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings. Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing. »www.nytimes.com/2013/01/31/techn···ll&_r=1& -- Triple Helix - Microsoft® MVP Consumer Security 2012/13 VIP Member Of ASAP - (Alliance of Security Analysis Professionals™) Official Webroot SecureAnywhere (Prevx) Support Forum Helper. (H59 Clan)
	to forum · permalink · 2013-02-01 20:08:17 ·

Broadband Tech > Security > Security > New York Times security software fails.