cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dcontesti
Community Champion

ANU Breach

1 Reply
JoePete
Advocate I


@dcontesti wrote:

Great write up the recent breach at ANU.  


It seems most of the reporting on this is an identical re-hashing of the report the school issued. What I haven't seen is anyone identify the actual software was ANU using. I can take a few guess, but to me it is clear negligence to use a mail reader that executes malware on a mere preview of a message. I'm admittedly curmudgeonly about this, but you have organizations that pay for crappy software, use it wantonly, and then when they get attacked, want to blame China. This isn't a report on a breach; it's a deflection of responsibility.

 

I have news for ANU, if in fact some state actor burrowed their way into their network, I can assure than that their own students, who had daily access to the network, undoubtedly were in there well ahead. 

 

One last thought: When are we as security professionals going to stick a fork in HTML email?