https://community.isc2.org/t5/Tech-Talk/ANU-Breach/m-p/28633#M1825 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>&nbsp;wrote:<BR /><P>Great write up the recent breach at ANU.&nbsp;&nbsp;</P><HR /></BLOCKQUOTE><P>It seems most of the reporting on this is an identical re-hashing of the report the school issued. What I haven't seen is anyone identify the&nbsp;actual software was ANU using. I can take a few guess, but to me it is clear negligence to use a mail reader that executes malware on a mere preview of a message. I'm admittedly curmudgeonly about this, but you have organizations that pay for crappy software, use it wantonly, and then when they get attacked, want to blame China. This isn't a report on a breach; it's a deflection of responsibility.</P><P>&nbsp;</P><P>I have news for ANU, if in fact some state actor burrowed their way into their network, I can assure than that their own students, who had daily access to the network, undoubtedly were in there well ahead.&nbsp;</P><P>&nbsp;</P><P>One last thought: When are we as security professionals going to stick a fork in HTML email?</P> Wed, 02 Oct 2019 17:29:39 GMT JoePete 2019-10-02T17:29:39Z https://community.isc2.org/t5/Tech-Talk/ANU-Breach/m-p/28624#M1824 <P>Great write up the recent breach at ANU.&nbsp;&nbsp;</P><P>&nbsp;</P><P><A href="https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578" target="_blank">https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578</A></P> Wed, 02 Oct 2019 11:31:49 GMT https://community.isc2.org/t5/Tech-Talk/ANU-Breach/m-p/28624#M1824 dcontesti 2019-10-02T11:31:49Z https://community.isc2.org/t5/Tech-Talk/ANU-Breach/m-p/28633#M1825 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/715155969">@dcontesti</a>&nbsp;wrote:<BR /><P>Great write up the recent breach at ANU.&nbsp;&nbsp;</P><HR /></BLOCKQUOTE><P>It seems most of the reporting on this is an identical re-hashing of the report the school issued. What I haven't seen is anyone identify the&nbsp;actual software was ANU using. I can take a few guess, but to me it is clear negligence to use a mail reader that executes malware on a mere preview of a message. I'm admittedly curmudgeonly about this, but you have organizations that pay for crappy software, use it wantonly, and then when they get attacked, want to blame China. This isn't a report on a breach; it's a deflection of responsibility.</P><P>&nbsp;</P><P>I have news for ANU, if in fact some state actor burrowed their way into their network, I can assure than that their own students, who had daily access to the network, undoubtedly were in there well ahead.&nbsp;</P><P>&nbsp;</P><P>One last thought: When are we as security professionals going to stick a fork in HTML email?</P> Wed, 02 Oct 2019 17:29:39 GMT https://community.isc2.org/t5/Tech-Talk/ANU-Breach/m-p/28633#M1825 JoePete 2019-10-02T17:29:39Z