Hackers Lurking in Vents and Soda Machines (nytimes.com)
61 points by wallflower 1293 days ago | 17 comments



“When you know you’re the target and you don’t know when, where or how an attack will take place, it’s wartime all the time,” Ms. Hallawell said. “And most organizations aren’t prepared for wartime.”

The government should get in on this with pen testing and honeypots. Even individual companies don't have the resources it would take to make it an even contest. The government can't protect everybody, but it could change the risk/reward calculations of being a criminal cracker. (If done correctly, admittedly a big if.)


"Agent 13, is that you?"


Misleading title- I didn't see much mention of a soda machine. :)


Yep.. linkbait title.

They had this though: "Heating and cooling providers can now monitor and adjust office temperatures remotely, and vending machine suppliers can see when their clients are out of Diet Cokes and Cheetos. Those vendors often don’t have the same security standards as their clients, but for business reasons they are allowed behind the firewall that protects a network."

I didn't think vending machines used the client network, but used the mobile phone network, thus only requiring electricity to install.


    Heating and cooling providers can now monitor and adjust office temperatures
    remotely, and vending machine suppliers can see when their clients are out 
    of Diet Cokes and Cheetos. Those vendors often don’t have the same security
    standards as their clients, but for business reasons they are allowed behind
    the firewall that protects a network.


I think soda machine was used to catch user's attention about the topic of cyber vulnerabilities..


Mountain Do While...


The fundamental problem is that having a highly secure network costs large amounts of money and time (in direct work and as a knock-on effect of reduced efficiency due to the overhead).

That and a lot of the software used in the Enterprise was intended initially for smaller companies in a much less hostile part of the market.

I have no idea how to solve this problem; systems and software are basically insecure from the ground up, and often, for convenience/cost reasons, that is the way they were designed.

As an aside, I installed an older ReadyNAS today (little RAID box) and out of the box it created AFP and CIFS shares with guest access on the local network. Now that is fine for me, as it's a wired-only network and there are only two of us in the office, but how many medium-sized companies without IT departments are running little NAS boxes that are shared to the world over WiFi? And that is just one recent example I can think of.


the output of htop is almost distinguishable here

http://static01.nyt.com/images/2014/04/08/business/Vulnerabl...

"Companies scrambling to seal up their systems from hackers and government snoops are having to look in the unlikeliest of places for vulnerabilities."


"Hackers Lurking in Vents and Soda Machines"


I vanted orrange.


"Zee machine gave me grape."

Deus Ex reference, I'm guessing. (The first one.)


Isn't it "I vanted orrange. It gave me lemon-lime"?


Ja!

Laputan Machine.


> as countless third parties are granted remote access to corporate systems.

> 23 percent — of breaches were attributable to third-party negligence.

23 percent of countless is > infinity.

Leaving yourself exposed from third party equipment connected inside your firewall is your own negligence.


These networks need to be better modularized with respect to security. I'm sure it's expensive, but it has to be cheaper than dealing with big security debacles such as Target's recent one.


That's what I was wondering as well. Why does your HVAC monitoring system need full network access (or even inside the firewall)?

I'm not a networking guru, would someone care to enlighten me?



