Help me understand...

2,027 Views | 21 Replies | Last: 7 yr ago by DanHo2010
dds08
How is it that so many big professional organizations are getting hacked? Just to name a few, Sony Pictures, Toyota, TJ Maxx.

These corps have the money to pay competent CIOs to secure their systems. Why don't they?

I hate to be political, but now Hillary and the DNC!

How is it the DNC doesn't have a competent CIO to deal with this stuff.

How is it that Hillary Clinton in this day and age does not know about viruses, hackers and computer security? Having had an exceptional education, been a past governor/senator, and this being 2016? Politicians should have access to info/intel light years ahead of a normal citizen.

How could the tech staff that installed the hardware at Hillary's house not know of these vulnerabilities? What tech admin would approve this? Has the top tech guy/gal been fired?

These seem to be the questions no one asks!
tamusc
Because those same organizations are staffed by people that don't like being "inconvenienced" by their "paranoid" CIO and their IT&S staff, so they do everything they can to circumvent basic security provisions and fall for generally simple phishing/social engineering tactics.

It's also a matter of cost and prioritization. Unfortunately, many companies don't find out the true cost of being hacked until after the fact.
dds08
Well then this would tell me that the CEO/head person at these organizations is incompetent and should be gotten rid of. Or take a class on basic Internet security. See some documentaries on hacking devastation.

But then again, this is White House staff we're talking about! They installed that stuff at Clinton's house. Where are they? How could they be so dumb?
tamusc
They're only as competent as they are allowed to be. You also underestimate how weak a link in IT security the human element really is.

Don't get me wrong, there are incompetent IT&S folks just like there are incompetent folks in every other field.

Sometimes though you have to provide the best guidance and then do what you're told. I guess IT&S folks could just quit on principle every time they are told to do something that they feel isn't best practice, but you'd end up with quite a few unemployed tech folks then.
dds08
Well.... I woulda reached out to the federal ethics hotline at least and got something verifiable that I contacted them, just to cover my own rear end. Or mentioned some clues/hints to my manager.

Do they have a federal ethics hotline for government employees?
tamusc
Pretty sure they do and that is definitely an option.

The other part of this is that we are woefully behind China and possibly even Russia when it comes to cyberwarfare capabilities. There is a reason why the Feds have bans on buying certain Chinese manufactured electronics.

http://techonomy.com/2013/04/huawei-zte-banned-from-selling-to-u-s-government/
dds08
We are the US! World super power! What about all that state of the art tech the military is in on before anyone else? How are these countries ahead of us?
dds08
MIT and CAL TECH are in our backyard with the best students from all over the world!
AtlAg05
It's a never ending rat race with hackers. Those big companies will have to spend millions to keep up and at the same time they are publicly traded.

I can't see a lot of ROI spending those millions on security so it has to be balanced to keep investors happy. Plus the bigger an organization the harder it is to do security upgrades constantly. Thousands of computers/servers/networks that any hardware/software issue means losing sales which also makes investors unhappy.

It's tough and unfortunately it's a lot of reactionary processes for when someone finds a weakness and it has to be addressed.
chigger
State of the art doesn't necessarily mean proven or widely available. You are also forgetting the massive amount of attacks that ARE stopped. Then there are zero-day vulnerabilities... The list goes on.

Compare it to the conventional military. With our advanced "state of the art" military, why are soldiers still killed by car bombs and IEDs?

The answer is that sometimes the simplest things are the hardest to stop.
Pman17
I'm in the reserve and we have to do this IT DoD security course every year. Boring AF, but it reminds us how to keep our information secure. Don't all govt employees have to take this course? With Clinton's busy schedule, I doubt she would take a course like this every year; she probably has her secretary do it for her or something. Also I don't know how the rest of the government does their email, but I have to use this Outlook Web 2003 thing for my email. Glitchy AF! Only works in Internet Explorer, which is only secure in the latest version. Microsoft is trying to get rid of it completely, but the govt still uses it for everything. You can't have it route to your phone because it's the military and I have to have my ID card connected. Guess I can see why she had her own email servers. I don't know about y'all, but I think a majority of our govt IT stuff is outdated to like early 2000s, which is why they get hacked. I bet a lot of these major companies get hacked because they don't want to pay for updated systems. Which is why you never really see Google, Apple, or Facebook getting hacked. Just my opinion on this stuff, I'm not an IT security genius.
boboguitar
There is no such thing as a "hack" proof system.
dds08
Hmm. Makes sense.

Oh well. Hope things get better!
Zemira
First I think the people aspect is a large problem.

Do you know how many keep their password on a sticky note in their desk? Think of all the other clueless things they do because the security is just dumb to them.

Second I think part of it is just the sheer volume of attacks. I work for a large corporation and our CIO quoted an average of 5,000 attempted attacks, phishes and hacks a day.

These are the ones that are detected and stopped. He showed a chart last year and the origin was 75% Asia.

The figures seemed a bit crazy, but now not so unbelievable.
The Dog Lord
The number of "smart" people that still click on links in obvious spam emails is surprising. As others have mentioned, there are plenty of other things that people do to negate established security measures or to prevent further measures from being implemented.
dds08
Here's an idea: how about email providers like gmail/Hotmail/yahoo make it to where before a user receives email from anyone, the user must first authorize that email account to send them email to begin with?

If you never authorize anyone, then you will never receive email. If you authorize everyone, you increase risk.

At least with this option, everyone you get mail from will be someone you know. Then have an option where you don't accept attachments or links in any emails. No pictures either.

How about this being an option?
JDCAG (NOT Colin)
quote:
Here's an idea: how about email providers like gmail/Hotmail/yahoo make it to where before a user receives email from anyone, the user must first authorize that email account to send them email to begin with?

If you never authorize anyone, then you will never receive email. If you authorize everyone, you increase risk.

At least with this option, everyone you get mail from will be someone you know. Then have an option where you don't accept attachments or links in any emails. No pictures either.

How about this being an option?


Well, considering people open that email now and click links, what makes you think they wouldn't take the extra step to "activate" that email address as soon as it came in? If you force people to activate ahead of time you lose the large amount of legit emails from places that you don't expect.

It also seems like you may underappreciate the difficulties in securing a system. As your complexity grows, so does your surface area for attack.

Yes, there are idiots out there, but many of these systems are built by incredibly smart folks, and it is a bit silly to just throw out random ideas and assume you could lock down a multi-million-dollar system that requires access from all over the world.

Even if you do make it perfectly secure, YOUR people have to be able to get in, which means social engineering attacks are always possible, and THAT is an oft-used way in on these.

The problem is much more difficult than you seem to believe it to be.
Satellite of Love
quote:
Here's an idea: how about email providers like gmail/Hotmail/yahoo make it to where before a user receives email from anyone, the user must first authorize that email account to send them email to begin with?

If you never authorize anyone, then you will never receive email. If you authorize everyone, you increase risk.

At least with this option, everyone you get mail from will be someone you know. Then have an option where you don't accept attachments or links in any emails. No pictures either.

How about this being an option?
Except your approved contacts can get hacked and send you a bad link. It isn't foolproof.
tamusc
quote:
quote:
Here's an idea: how about email providers like gmail/Hotmail/yahoo make it to where before a user receives email from anyone, the user must first authorize that email account to send them email to begin with?

If you never authorize anyone, then you will never receive email. If you authorize everyone, you increase risk.

At least with this option, everyone you get mail from will be someone you know. Then have an option where you don't accept attachments or links in any emails. No pictures either.

How about this being an option?
Except your approved contacts can get hacked and send you a bad link. It isn't foolproof.


Or the attacker could spoof the email addresses of known senders as well.
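An added illustration of the "approved senders only" idea from dds08's post and of the two objections above (a spoofed From address, and a compromised approved contact). This is example code written for this page, not anything from the thread or from any mail provider; the allowlist, the mailbox name mx.example.net and the two messages are constructed, and the Authentication-Results header follows the RFC 8601 format a receiving mail server adds.

```python
# Added example (not from the thread): a naive approved-senders filter beside
# one that also requires the receiving server's DMARC verdict to be "pass".
# All sample data below is constructed for illustration.
from email import message_from_string
from email.utils import parseaddr

APPROVED = {"alice@example.com", "bob@example.org"}  # constructed allowlist


def sender_address(raw):
    """Extract the bare address from the From header (lower-cased)."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower()


def naive_allowlist(raw):
    """The thread's proposal: accept only if the From address is approved.
    The From header is written by whoever sends the mail, so this check
    alone cannot tell a real contact from a look-alike."""
    return sender_address(raw) in APPROVED


def dmarc_passed(raw):
    """True only if the receiving server recorded dmarc=pass for this mail
    (RFC 8601 Authentication-Results header)."""
    msg = message_from_string(raw)
    results = msg.get_all("Authentication-Results", [])
    return any("dmarc=pass" in r.replace(" ", "").lower() for r in results)


def authenticated_allowlist(raw):
    """Approved sender AND the sending domain's authentication checked out."""
    return naive_allowlist(raw) and dmarc_passed(raw)


# Constructed sample messages: same From line, different server verdicts.
LEGIT = """From: Alice <alice@example.com>
Authentication-Results: mx.example.net; dmarc=pass header.from=example.com
Subject: lunch

see you at noon
"""

SPOOFED = """From: Alice <alice@example.com>
Authentication-Results: mx.example.net; dmarc=fail header.from=example.com
Subject: urgent

please open the attached invoice
"""
```

A mail sent from a genuinely compromised approved account passes both filters, which is Satellite of Love's point: the allowlist limits who can reach you, not what a trusted sender's mailbox can be made to send.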
DanHo2010
quote:
Because those same organizations are staffed by people that don't like being "inconvenienced" by their "paranoid" CIO and their IT&S staff, so they do everything they can to circumvent basic security provisions and fall for generally simple phishing/social engineering tactics.

It's also a matter of cost and prioritization. Unfortunately, many companies don't find out the true cost of being hacked until after the fact.
quote:
They're only as competent as they are allowed to be. You also underestimate how weak a link in IT security the human element really is.

Don't get me wrong, there are incompetent IT&S folks just like there are incompetent folks in every other field.

Sometimes though you have to provide the best guidance and then do what you're told. I guess IT&S folks could just quit on principle every time they are told to do something that they feel isn't best practice, but you'd end up with quite a few unemployed tech folks then.


Hope you don't mind tamusc, but I'm putting these 2 posts on the screen next time I give an update to our BoD.
JDCAG (NOT Colin)
Heck, just hang around THIS BOARD for a few months and you'll read at least a handful of posts where folks are asking how to get around firewalls or IT policies so they can install software, stream videos, download torrents, etc.

Bradley.Kohr.II
A) The Chinese government is actively engaged in theft/hacking.

B) I suspect most of the exploits might be coming from everything essentially being spyware. Just pure paranoid guess on my part.

Some of my clients think there will be a return to the "office tower" with a hard wired network for a company - but they might be a little crazy.

But I think the main part is jackassery/BYOD - which also strikes me as jackassery.
DanHo2010
Oh, believe me, I know.