Announcements
Planned Site Maintenance
Due to scheduled maintenance, account creation for new Community users will be unavailable 11 a.m. Eastern October 23, 2020 – October 24, 2020. We apologize for any inconvenience.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Champion

ANU Breach

1 Reply
Highlighted
Contributor II

Re: ANU Breach


@dcontesti wrote:

Great write up the recent breach at ANU.  


It seems most of the reporting on this is an identical re-hashing of the report the school issued. What I haven't seen is anyone identify the actual software was ANU using. I can take a few guess, but to me it is clear negligence to use a mail reader that executes malware on a mere preview of a message. I'm admittedly curmudgeonly about this, but you have organizations that pay for crappy software, use it wantonly, and then when they get attacked, want to blame China. This isn't a report on a breach; it's a deflection of responsibility.

 

I have news for ANU, if in fact some state actor burrowed their way into their network, I can assure than that their own students, who had daily access to the network, undoubtedly were in there well ahead. 

 

One last thought: When are we as security professionals going to stick a fork in HTML email?