

Chinese Hackers Stole NYT Employee Passwords - angelohuang
http://nymag.com/daily/intelligencer/2013/01/chinese-hackers-stole-nyt-employee-passwords.html

======
marios
The NYT article describing the attack is a non-article, as they don't have
real proof (or perhaps they do, but they haven't disclosed it). Reasons are
well developped on the ErrataSec blog [1].

[1] [http://erratasec.blogspot.fr/2013/01/the-nytimes-article-
was...](http://erratasec.blogspot.fr/2013/01/the-nytimes-article-was-content-
free.html)

~~~
tantalor
Why do they have to disclose it? NYT is a reputable source.

The article mentions "tracking the movements of intruders"; most likely this
is in the form of text logs.

------
FellowTraveler
Use hardware-based Crypto Keys.

Use Crypto Keys for your email.

Use Crypto Keys for your garage door opener.

Use Crypto Keys for your encrypted hard drive.

Use Crypto Keys for your payments.

Use Crypto Keys.

------
tantalor
> Symantec… found just one of the 45 pieces of custom malware installed on the
> Times servers

Obviously general-purpose anti-virus software is completely ineffective
against purpose-built malware.

