UnThreaded | Threaded | Whole Thread (5) | Ignore Thread Prev | Next
Author: JeanDavid Big funky green star, 20000 posts Old School Fool CAPS All Star Add to my Favorite Fools Ignore this person (you won't see their posts anymore) Number: of 190817  
Subject: Re: NY Times Hacked Date: 2/1/2013 6:25 AM
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Recommendations: 0
Shouldn't it be relatively easy to detect hackers attacking your email accounts?

It should be. All they need do is have their reporters digitally sign their e-mails. Then if an e-mail arrives with the wrong digital signature, it can be discarded.

There is even open source software for doing this.

http://www.enigmail.net/home/index.php works, at least with Thunderbird.

And if they do not use that, they can go down one level and use

http://gnupg.org/

It does require someone who is up to date in their IT department, but they certainly have the resources to put this into operation.

After all, the users are your reporters. You know where they are. You know their usual routine for using email. Most of them probably get email with only a handful of devices and you know what they are. And you should be able to encrypt content.

Encryption is a separate, but related issue. It is simply a matter of policy. The same mechanism for signing works for encryption. The method used is very secure. It is just a matter of whether it is desirable to keep the reports secret from the general public, or even high-resource black hats, such as government agencies, or not.

So unusual activity from incorrect locations or unknown devices should raise alarms immediately. Why did it take so long to shut them down?

Some reporters have a fixed office that probably does not change from day-to-day, and its location and IP address are known. Trouble is it is fairly easy to forge an IP address, so a sufficiently well informed black hat can pretend to be sending from the proper IP address. Another problem is that other reporters move around a lot from day-to-day or even hour-to-hour, and this reduces the likelihood that knowledge of IP address, etc., will be any use,

A greater problem, and I do not know if this was the case with the attack on the New York Times, is that no forgery was involved at all, but just a (possibly) distributed denial of service attack. And digital signing, encryption, etc., will be of little or no help with that. It would take a good IT department at the NYT to manage that, and they might require outside help besides.
Post New | Post Reply | Reply Later | Create Poll Report this Post | Recommend it!
Print the post  
UnThreaded | Threaded | Whole Thread (5) | Ignore Thread Prev | Next

Announcements

Foolanthropy 2014!
By working with young, first-time moms, Nurse-Family Partnership is able to truly change lives – for generations to come.
When Life Gives You Lemons
We all have had hardships and made poor decisions. The important thing is how we respond and grow. Read the story of a Fool who started from nothing, and looks to gain everything.
Post of the Day:
Macro Economics

Looking at Currency Ratios
What was Your Dumbest Investment?
Share it with us -- and learn from others' stories of flubs.
Community Home
Speak Your Mind, Start Your Blog, Rate Your Stocks

Community Team Fools - who are those TMF's?
Contact Us
Contact Customer Service and other Fool departments here.
Work for Fools?
Winner of the Washingtonian great places to work, and "#1 Media Company to Work For" (BusinessInsider 2011)! Have access to all of TMF's online and email products for FREE, and be paid for your contributions to TMF! Click the link and start your Fool career.
Advertisement