
How The Syrian Electronic Army Hacked Us - wglb
http://www.forbes.com/sites/andygreenberg/2014/02/20/how-the-syrian-electronic-army-hacked-us-a-detailed-timeline/
======
mr_spothawk
> The editorial staffer, who had “super-administrator” privileges on Forbes’
> WordPress publishing platform...

facepalm

------
coldcode
Security and WordPress seem to be disconnected.

~~~
DigitalSea
This is an attack that could happen to any site; WordPress is irrelevant here.
I know people like to bash and blame WordPress for security issues, but in
this instance it was the person who received the email that is to blame for
not being diligent and aware of such attacks.

~~~
bsder
No. I'm tired of people blaming the recipients of emails.

The blame lies on IT departments who won't implement email authentication
systems that have existed for years.

There should be a big green bar at the top of emails from people I would be
likely to trust.

~~~
keyhole_downs
In this case, the email WOULD HAVE HAD a big green bar at the top. It was an
email from a legitimate contact at VICE media whose email account had been
compromised... possibly via something like the Target database leak.

------
sheetjs
Something similar happened to CNN earlier this year:
[https://news.ycombinator.com/item?id=7113526](https://news.ycombinator.com/item?id=7113526)

In both cases, WP-powered sites were attacked.

------
dav-
The weakest link in software security is often people.

~~~
fulafel
Everything is ultimately built for people. This is just an obscure phrasing of
"bad HCI design".

------
dublinben
From that telling of the story, multiple people made grave mistakes in a
relatively short time period.

------
ommunist
How can they be so sure it was not The Albanian Cyber Self-Defence
Humanitarian Task Force?

------
blueskin_
tl;dr: Someone got phished.

That is not cracking, which is also not hacking.

