Users' Data Target Of 'Targeted Attack' on AT&T 28
New submitter fran6gagne writes "AT&T [Monday] notified customers of an effort by hackers to collect online account information. It is not believed that the perpetrators of this attack obtained access to sensitive information." eWeek's account has a bit more detail.
Re:Target of targeted attack? (Score:4, Informative)
That's the brilliant "editing" work of timothy. The original articles used "organized and systematic" attack but timothy must have thought that was too clear and not redundant enough for the slashdot title.
Re:(One of) My problems with AT&T... (Score:2, Informative)
Believe it or not, AT&T is actually pretty serious when it comes to sensitive personal information.
( I have to re-take the training at least yearly about it )
Full drive encryption on all desktop and laptop systems are pretty much the standard. Software firewalls and
anti-virus updated constantly. Forced password changes on a scheduled basis with complexity rules in full
effect. Access to servers which hold SPI are limited and those accounts are either passphrase level logins
or RSA SecurID tokens.
( All tokens were re-issued post RSA Data breach )
Network sniffers are in place everywhere. Firewalls are in place to isolate the many internal networks
within the company. Identifying the systems with your data is only part of the puzzle. Getting access to
them ( and the network they reside upon ) is a lot more work for an outsider.
Not just anyone in the company has access to your data. Only those groups that need access to it to do
their job. Will it stop the official evil employee from looking at your data if they have legitimate access ?
Of course not. You have to trust SOMEONE to access your data when necessary.
From an outside hack perspective though, the systems in general are definitely not wide open for the
world to see. They may not be up to NSA / Area-51standards, but they're pretty locked down.