Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security AT&T Communications Privacy

Users' Data Target Of 'Targeted Attack' on AT&T 28

Posted by timothy
from the oh-the-files-are-inside-the-death-star dept.
New submitter fran6gagne writes "AT&T [Monday] notified customers of an effort by hackers to collect online account information. It is not believed that the perpetrators of this attack obtained access to sensitive information." eWeek's account has a bit more detail.
This discussion has been archived. No new comments can be posted.

Users' Data Target Of 'Targeted Attack' on AT&T

Comments Filter:
  • by Lunix Nutcase (1092239) on Tuesday November 22, 2011 @12:54PM (#38137238)

    That's the brilliant "editing" work of timothy. The original articles used "organized and systematic" attack but timothy must have thought that was too clear and not redundant enough for the slashdot title.

  • by Anonymous Coward on Tuesday November 22, 2011 @02:21PM (#38138844)

    Believe it or not, AT&T is actually pretty serious when it comes to sensitive personal information.
    ( I have to re-take the training at least yearly about it )

    Full drive encryption on all desktop and laptop systems are pretty much the standard. Software firewalls and
    anti-virus updated constantly. Forced password changes on a scheduled basis with complexity rules in full
    effect. Access to servers which hold SPI are limited and those accounts are either passphrase level logins
    or RSA SecurID tokens.

    ( All tokens were re-issued post RSA Data breach )

    Network sniffers are in place everywhere. Firewalls are in place to isolate the many internal networks
    within the company. Identifying the systems with your data is only part of the puzzle. Getting access to
    them ( and the network they reside upon ) is a lot more work for an outsider.

    Not just anyone in the company has access to your data. Only those groups that need access to it to do
    their job. Will it stop the official evil employee from looking at your data if they have legitimate access ?
    Of course not. You have to trust SOMEONE to access your data when necessary.

    From an outside hack perspective though, the systems in general are definitely not wide open for the
    world to see. They may not be up to NSA / Area-51standards, but they're pretty locked down.

"What is wanted is not the will to believe, but the will to find out, which is the exact opposite." -- Bertrand Russell, _Sceptical_Essays_, 1928

Working...