Why there will be no patch for the Petraeus vulnerability

Security experts had four words of advice for those wondering about the implications of the sudden resignation last week of the U.S. Director of the Central Intelligence Agency, General David Petraeus: 'get used to it.'

By , ITworld | Security

Joe Gottlieb, the CEO of the security firm Sensage, says social networks "automate" trust online in ways that are unpredictable. By simply 'liking' or 'friending' someone, Gottlieb told the security blog Threatpost, you create "automated associations that lead to exposure of both good and bad social interactions." Social networks like Facebook or Twitter assume that, by taking those actions, you are prepared for all of the consequences, but that is hardly ever the case. And once the connection is made, the implicit trust becomes a dangerous security exposure, lowering the target's defenses against attack.

There's a tendency to have engineering solutions, but almost everything is a social problem. We need much better management of the human, rather than the technical, side.

Richard Bejtlich, Chief Security Officer, Mandiant

The Petraeus affair is a great example of this. After all, the General wasn't the target of the FBI investigation; his surreptitious e-mail ties to his biographer, Broadwell, made him collateral damage in a case that began with anonymous e-mails exchanged between a jealous lover (his) and a well-connected Tampa, Florida socialite. This was no Robert Hanssen making dead drops of classified information to the KGB in D.C. parks: General Petraeus's crime was sending saucy e-mails to his biographer and paramour, herself an Army intelligence officer. Should he be fired, or sent to couples therapy?

Richard Bejtlich, the Chief Security Officer at the firm Mandiant, said that the circumstances of the case are unusual. Still, it is illustrative of the ways in which organizations, even intensely security-conscious ones like the CIA, have allowed the barriers between personal activity and work-related activity to erode. Bejtlich, whose company helps organizations understand cyber incidents and defend against them, said that the advent of web-based e-mail, social networks and mobile devices like iPhones and iPads has eroded the policies that once required employees to segregate work-related and non-work-related online activities.

E-mail may not be sexy anymore, but it is still an information goldmine for attackers and criminal investigators alike, Bejtlich says. The e-mail spool of a single user might contain thousands or tens of thousands of messages, including user names, passwords, account information and a useful social graph.
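The kind of triage Bejtlich describes, as an added example that is not part of the ITworld article: a short Python script that parses a constructed mbox-format spool, builds the sender-to-recipient social graph, and flags strings that look like credentials or account numbers. The messages, addresses and regular-expression patterns are all invented for the demonstration and are not drawn from the case.

```python
# Added example: triage an e-mail spool for its social graph and leaked
# credentials. Everything below (addresses, bodies, patterns) is constructed.
import email
import email.utils
import re
from collections import Counter
from email.message import Message

# Constructed sample spool in mbox format (four invented messages).
SAMPLE_SPOOL = """\
From alice@example.org Mon Nov 12 09:00:00 2012
From: Alice Example <alice@example.org>
To: bob@example.net
Subject: draft chapters

Bob, the draft is attached. Call me.

From bob@example.net Mon Nov 12 09:15:00 2012
From: bob@example.net
To: Alice Example <alice@example.org>
Cc: carol@example.com
Subject: Re: draft chapters

Got it. Also, the shared drive login is user bwriter, password Tr0ub4dor&3

From carol@example.com Mon Nov 12 10:00:00 2012
From: carol@example.com
To: alice@example.org
Subject: travel

Your frequent flyer account number is 1234567890.

From alice@example.org Tue Nov 13 08:00:00 2012
From: alice@example.org
To: bob@example.net
Cc: carol@example.com
Subject: Re: Re: draft chapters

Thanks. Please don't mail passwords.
"""

# mbox separator: a line starting with "From " (no colon), an address, a date.
_MBOX_SEP = re.compile(r"^From \S+ .*$", re.MULTILINE)

# Hypothetical credential patterns, tuned for this sample only. The trailing
# \b on "password" keeps the plural "passwords" from matching.
_CRED_PATTERNS = [
    ("password", re.compile(r"\bpass(?:word|wd)\b\s*(?:is|:)?\s*(\S+)", re.I)),
    ("account number", re.compile(r"\baccount number\s*(?:is|:)?\s*(\d{6,})", re.I)),
]


def parse_spool(text: str) -> list[Message]:
    """Split an mbox-format spool into parsed email.message.Message objects."""
    messages = []
    starts = [m.start() for m in _MBOX_SEP.finditer(text)]
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        chunk = text[start:end]
        # Drop the "From " envelope line; the remainder is an RFC 822 message.
        body = chunk.split("\n", 1)[1] if "\n" in chunk else ""
        messages.append(email.message_from_string(body))
    return messages


def addresses(msg: Message, header: str) -> list[str]:
    """Lower-cased addresses from a header, handling 'Name <addr>' forms."""
    raw = msg.get_all(header, [])
    return [addr.lower() for _, addr in email.utils.getaddresses(raw) if addr]


def social_graph(messages: list[Message]) -> Counter:
    """Count directed sender -> recipient edges across To and Cc headers."""
    edges = Counter()
    for msg in messages:
        recipients = addresses(msg, "To") + addresses(msg, "Cc")
        for sender in addresses(msg, "From"):
            for rcpt in recipients:
                edges[(sender, rcpt)] += 1
    return edges


def message_text(msg: Message) -> str:
    """Plain-text body; first text/plain part for multipart messages."""
    if msg.is_multipart():
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                return part.get_payload(decode=True).decode(errors="replace")
        return ""
    return msg.get_payload()


def find_credentials(messages: list[Message]) -> list[tuple[str, str, str]]:
    """Return (subject, kind, value) for each credential-like string found."""
    hits = []
    for msg in messages:
        text = message_text(msg)
        for kind, pattern in _CRED_PATTERNS:
            for m in pattern.finditer(text):
                hits.append((msg.get("Subject", ""), kind, m.group(1)))
    return hits


def triage(text: str) -> dict:
    """Run both analyses over a spool and summarise what an attacker gets."""
    msgs = parse_spool(text)
    graph = social_graph(msgs)
    contacts = Counter()
    for (sender, rcpt), n in graph.items():
        contacts[sender] += n
        contacts[rcpt] += n
    return {
        "messages": len(msgs),
        "edges": dict(graph),
        "most_connected": contacts.most_common(1)[0][0],
        "credentials": find_credentials(msgs),
    }
```

On the four sample messages, `triage(SAMPLE_SPOOL)` yields five distinct directed edges with Alice as the most connected node, and two credential hits: the shared-drive password in the second message and the account number in the third. On a real spool the same two passes, contact graph plus keyword scan, are what both an intruder and a forensic examiner run first.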
