
Hackers Lurking in Vents and Soda Machines - wallflower
http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html?hp
======
stcredzero
_“When you know you’re the target and you don’t know when, where or how an
attack will take place, it’s wartime all the time,” Ms. Hallawell said. “And
most organizations aren’t prepared for wartime.”_

The government should get in on this with pen testing and honeypots. Even
individual companies don't have the resources it would take to make it an even
contest. The government can't protect everybody, but it could change the
risk/reward calculations of being a criminal cracker. (If done correctly,
admittedly a big if.)

------
aeberbach
"Agent 13, is that you?"

------
sadfnjksdf
Misleading title - I didn't see much mention of a soda machine. :)

~~~
imagepop
I think the soda machine was used to catch users' attention about the topic of
cyber vulnerabilities.

~~~
Wistar
Mountain Do While...

------
noir_lord
The fundamental problem is that having a highly secure network costs large
amounts of money and time (in direct work and as a knock-on effect of reduced
efficiency due to the overhead).

That and a lot of the software used in the Enterprise was intended initially
for smaller companies in a much less hostile part of the market.

I have no idea how to solve this problem, systems and software are basically
insecure from the ground up and often for convenience/cost reasons that is the
way they were _designed_.

As an aside I installed an older ReadyNAS today (little RAID box) and out the
box it created AFP and CIFS shares with guest access on the local network, now
that is fine for me as it's a wired only network and there are only two of us
in the office but how many medium sized companies without IT departments are
running little NAS boxes that are shared to the world over WiFi and that is
just one recent example I can think of.

------
q_revert
the output of htop is almost distinguishable here

[http://static01.nyt.com/images/2014/04/08/business/Vulnerabl...](http://static01.nyt.com/images/2014/04/08/business/Vulnerable2/Vulnerable2-superJumbo.jpg)

"Companies scrambling to seal up their systems from hackers and government
snoops are having to look in the unlikeliest of places for vulnerabilities."

------
001sky
"Hackers Lurking in Vents and Soda Machines"

~~~
JetSpiegel
I vanted orrange.

~~~
ckozlowski
"Zee machine gave me grape."

Deus Ex reference, I'm guessing. (The first one.)

~~~
endgame
Isn't it "I vanted orrange. It gave me lemon-lime"?

~~~
JetSpiegel
Ja!

Laputan Machine.

------
SixSigma
> as countless third parties are granted remote access to corporate systems.

> 23 percent — of breaches were attributable to third-party negligence.

23 percent of countless is > infinity.

Leaving yourself exposed from third party equipment connected inside your
firewall is your own negligence.

------
jds375
These networks need to be better modularized with respect to security. I'm
sure it's expensive, but it has to be cheaper than dealing with big security
debacles such as Target's recent one.

~~~
chadgeidel
That's what I was wondering as well. Why does your HVAC monitoring system need
full network access (or even inside the firewall)?

I'm not a networking guru, would someone care to enlighten me?

