In October, the South Carolina Department of Revenue discovered that it had been breached and contacted Mandiant to assist in the investigation and response. All told, millions of social security numbers and hundreds of thousands of bank/credit card numbers had been stolen.
In November, Mandiant published their findings. This is exciting. All we usually get is a news article lacking in technical detail. This we can actually learn from.
My goal in this blog post is to explore what, in hindsight, the S.C. Department of Revenue could or should have done better. Please read the Mandiant report before you move on.
Tuesday, December 4, 2012
Subscribe to:
Posts (Atom)
Understanding Scope in Go
As per my New Year's resolution, I've been learning to program in Go and reading The Go Programming Language . On page 141 of the...
-
Most cryptographic algorithms deal with numbers that are 128 bits or larger. A 128-bit number has 2 128 possible values, but how big ...
-
This is in response to a Tenable blog post " Do Passwords Matter? " I have several issues with the post that I address here. Pa...