Greetings everyone…I’m back! My wife and I had a GREAT time in San Diego last week attending CiscoLive. It was an excellent conference, held in a great city (I love San Diego!!), and we had a wonderful time (my wife attended the Keynotes with me, along with the World of Solutions events, and the Customer Appreciation Event with Aerosmith). We tracked our steps and averaged between 13,000 and 15,000 steps each day…for each of us…wow!! We used a really nice app on our iPhones called Pacer, and it classified us as “Highly Active”. No kidding!! I’ll be posting some recaps of CiscoLive over the next several days.
Today, however, is more news within the field of security…or the lack thereof. And it’s not good folks…not good at all…
The US Office of Personnel Management announced a significant breach of their systems in which it’s estimated that personal information on between 10 to 14 million federal employees was stolen. (See the excellent report over at KrebsOnSecurity OPM Breach.) I heard a bit today from the Congressional Inquiry (that was very quickly organized I might add) that most of the affected systems were not properly secured (lack of timely patching of servers/systems, lack of robust authentication mechanisms…the list goes on). Part of me wants to stand up, turn towards Washington DC, and scream “Idiots!!”. But then the other part of me wants to run back to work, and double check my firewalls and routers…am I doing everything that I can to protect my company??
Ugh…security is a never ending process. One of the speakers at CiscoLive said that everyone has been hacked…whether you know it or not. I have realized now that I agree with that statement. I’m going to spend this summer double-checking all of my security processes and configurations. And I’m going to try and find evidence of an intrusion…I think it has already happened, but I’ve just not “seen” it yet.
One more bit of security news…if you are a user of LastPass, it too has suffered a breach. Here are a couple of good articles concerning it: NetworkWorld LastPass Breach and over at KrebsOnSecurity LastPass Breach.