I’d like to call on college professors to listen to me for a few minutes.  I’ve been a strong proponent of higher education even though I originally dropped out of college.  I eventually went back to finish my degree, but it was only after I had been in the workforce for about 8 years.  (Kids, if you read this, stay in school.  I chose a hard road that worked for me, but it won’t for most others.)  I am finding, however, a fairly large gap between what colleges are teaching and what the real world needs.  This has been a trend for several years, and we need to reverse it if a college education for information technology careers is going to maintain its relevance.

If you are responsible for teaching anything in computer science, CIS, MIS or a similar program, please consider the following:

Read more: Calling all Computer Science Professors and Deans

So the LizardSquad has taken responsibility for the DDoS attacks on the Microsoft Xbox Live and Sony PlayStation networks over the past couple of weeks.  The attacks were nothing special, though.  DDoS is simply an attack where you throw more junk at something than it was designed to handle.  Pour a gallon of water in an 8oz glass and it’s going to overflow.  I could always drink from a 128oz glass to ensure I never lose a drop of water, but what’s the point?

While DDoS attacks are real and their effects have serious consequences, there is nothing clever about them in most cases.  They are simply a collection of compromised machines all turning their resources to overwhelm a victim that wasn’t prepared.

Read more: LizardSquad Takes Credit for Xbox Live and PlayStation Network Outages

Thousands of payment card terminals became nothing more than small boat anchors last week.  The card terminals became a “brick” after a cryptographic key expired.  Funny thing, the key was created in 2004.  This means it hadn’t been updated in 10 years.  How exactly is this PCI compliant?  I’m pretty sure management of cryptographic keys is required by PCI.  Security of card terminals is quite often the responsibility of the terminal vendor, but organizations have a duty to perform vendor management to ensure their systems are safe.  Ask your card terminal vendor this week when its cryptographic keys were last changed or updated.

The team at Integrity wishes you and your family a very Merry Christmas season.  We pray that you are able to stop and reflect on this as a season of hope and will share it with those close to you.

From a personal perspective, the hack of Sony is of little consequence to me.  I probably own stock in the company via a mutual fund somewhere, but any financial losses will be minimal and likely undiscernible in the grand scheme of my retirement planning.  The Target and Home Depot hacks, however, were a pain in the rear.  I had to change debit cards and have fraudulent transactions reversed.  Yes, VISA covered the nearly $1,300 in fraudulent charges, but I still had to cancel the cards, wait for new ones and set up recurring payments to Netflix.  Do you know what happens in a house with four kids who can’t get their Netflix fix?

Even though Target and Home Depot have spent or will spend millions to deal with their breaches and improve information security, I think the Sony breach is worse, and here’s why.

Read more: Why the Sony Hack is Worse than Target or Home Depot

A best practice that appears to be overlooked in many organizations is that of reducing your attack footprint.  During recent audits, we’ve discovered that organizations large and small are leaving themselves unnecessarily open to a security breach.  Hackers are like rock climbers.  They only need a series of small cracks within reach of each other in order to make it to the summit.

Leaving unnecessary services running on a server, not locking down internal resources and allowing egress traffic with no filtering all increase your attack footprint.  It makes you easier to find and grab hold of, and it lets a hacker keep climbing your infrastructure without falling off or running out of ways to advance.

Read more: Reducing Your Attack Footprint

While NSA Director Admiral Rogers was providing the keynote at the ISSA International Conference last month, he made a comment that I found interesting.  He said that we can’t expect US companies to be able to continue to defend against hacking and espionage attacks from nation states.  I agree.

Many of you may disagree and think corporate espionage is just a myth.  It is not.  It is real and costly.  For countries that rely on nationalized industries for the revenue to fund their government and military, the incentive to gain the upper hand is unparalleled.

Read more: NSA Chief Says Corporate America Shouldn’t Have To Defend Against Foreign Governments

Contact Information

Birmingham Office
205.568.5506

Des Moines Office
515.965.3756

Kansas City Office
913.991.8724