2010's biggest security SNAFUs

By Ellen Messmer and Tim Greene, Network World |  Security, security, Stuxnet

That old phrase SNAFU ("Situation Normal, All F---ked Up!") certainly describes our choices for 2010's top 10 security screw-ups.

Also read: Ten Worst Moments in Network Security History

Not surprisingly some of the biggest names in technology - Google, Cisco, McAfee, AT&T - are prominent on the list, either because they're obvious hacker targets or because whenever they make a security mistake, it's big news. Without further ado, the list:

Aurora attacks on Google. In what's come to be called the "Aurora attacks," Google in January acknowledges valuable intellectual property was stolen via a network break-in during that past December, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to  have been struck in similar fashion. The Chinese government says it doesn't know what they're talking about. Outraged over the cyber-intrusion, Google, which had been adhering to Chinese dictates regarding search-engine censorship, says it will defy them, putting its search-engine license in China in jeopardy. But by year-end, under Chinese pressure, Google abandons its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site and its renewed China license requires censorship.

China ISP takes Internet for a ride. A small Chinese ISP called IDC China Telecommunication briefly hijacked the Internet by sending out wrong routing data, which was re-transmitted by state-owned China Telecommunications, affecting service providers around the world. The event was noted in the "2010 U.S.-China Economic and Security Review" commission report presented this November to Congress, which pointed out for 18 minutes on April 8, China Telecom rerouted 15% of the Internet's traffic through Chinese servers, affecting U.S. government and military Web sites. Widely reported, media attention raised the question of whether China was somehow testing a cyberattack capability, but China Telecom rejected those claims, calling the April traffic re-direction an accident.

Originally published on Network World |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question