The Mirror headlines with the following story:
Cops fear hackers may have stolen the personal details of hundreds of officers. At first Scotland Yard thought it was just a prank when a picture of Brobee, from children's TV show Yo Gabba Gabba, was posted by hackers on the recruitment website www.metcareers.com last month. But a security review found the site was linked to two Met databases containing job applications and personal details. A source said: "This information would be very useful for identity fraudsters and almost priceless to criminals."
What did I tell you? Assumption is the mother of all fuck-ups.
As I said before, in security today all the money is spent on the wrong things. But don't listen to me, listen to your firewall or envisage the real facts of what is happening these days. Here is what I found almost 1 month ago. Of course I could own that box in 5 minutes if I felt like it. But that is not the point; the point is this ridiculous sense of security. I am willing to bet hands down that if I sit at it for a couple of hours I can hand them a few other holes as well.
Lessons learned:
0x00 never assume.
0x01 do not store confidential data verbatim, encrypt all of it, store the key below Ipub.
0x02 decentralize sensitive data.
0x03 fix your damn holes.