Nerds On Site

Two Incredible Cases of Insecurity – A Basic Information Security Audit Would Have Prevented Both

This post by Nerd [Dennis Houseknecht]
I am sure that by now, everyone has heard about the unbelievable fiasco at Sony. Surely Sony has security experts somewhere in the company. It does not even take much of an expert to know that storing passwords in plain text is, not to put too fine a point on it, STUPID. This was undoubtedly done many years ago and no one realized that it was STILL being done. A simple audit would have made this evident and prevented an awful lot of grief for a lot of Sony customers. As if that is not bad enough, unencrypted credit card numbers were apparently in the database, ALONG WITH THE CVV CODES. That represents TWO blatant violations of the PCI DSS. Lawyers are lining up to sue Sony – with good cause.
Equally inexcusable is the recent exposure of the personal information of 3.5 million Texans. The information was supposed to be encrypted, but was stored in plain text on a server that was available to the public – FOR OVER A YEAR. Once again, a simple audit would have revealed this situation.
Does your company store ANY sensitive data on your systems? Is it properly protected by encryption and access controls? Are you sure? Maybe it is time to talk about an information security audit.
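The post's point is that both failures (plaintext passwords, and card verification codes retained in the database) are the kind of thing a basic audit catches. As an added illustration that is not part of the original post or Nerds On Site's own tooling, the script below runs such a check over a small constructed account table: it flags any password value that is not in a recognised salted-hash format and any column that retains CVV/CVC data, and it shows the salted PBKDF2 storage that should be there instead. The column names, the sample rows and the set of accepted hash formats are assumptions made for the example.

```python
"""
Added example (not from the original post): a minimal "basic audit" of stored
account records for the two failures described above:
  1. passwords kept in plain text instead of as salted hashes, and
  2. card verification values (CVV/CVC) retained alongside card data.
The record layout and the sample rows are constructed for illustration.
"""
import hashlib
import hmac
import os
import re
from typing import Optional

# Columns that must not appear in a persisted table at all (assumed names).
FORBIDDEN_COLUMNS = {"cvv", "cvv2", "cvc", "cvc2", "card_security_code"}

# Stored-password formats the audit accepts: the PBKDF2 string emitted by
# hash_password() below, plus the modular-crypt prefixes used by bcrypt and
# Argon2.  Anything else is treated as plain text or unknown and is flagged.
HASH_FORMATS = re.compile(
    r"^(pbkdf2_sha256\$\d+\$[0-9a-f]{32}\$[0-9a-f]{64}"
    r"|\$2[aby]\$\d\d\$.{53}"
    r"|\$argon2(id|i|d)\$.+)$"
)

PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing string: pbkdf2_sha256$iterations$salt$digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a password against a hash_password() string using a constant-time compare."""
    try:
        scheme, iters, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest.hex(), digest_hex)


def audit_records(columns: list, rows: list) -> list:
    """Return one finding string per problem; an empty list means the table passes."""
    findings = []
    for col in columns:
        if col.lower() in FORBIDDEN_COLUMNS:
            findings.append(f"column '{col}' retains card verification data; it must not be stored")
    for row in rows:
        value = row.get("password", "")
        if not HASH_FORMATS.match(value):
            findings.append(f"user '{row.get('username')}' has a plaintext or unrecognised password value")
    return findings


# Constructed sample table: the 'cvv' column and bob's row should be flagged.
SAMPLE_COLUMNS = ["username", "password", "card_number_token", "cvv"]
SAMPLE_ROWS = [
    {"username": "alice", "password": hash_password("correct horse battery staple"), "cvv": "123"},
    {"username": "bob", "password": "hunter2", "cvv": "456"},
    {"username": "carol", "password": "$2b$12$" + "x" * 53, "cvv": ""},
]

if __name__ == "__main__":
    for finding in audit_records(SAMPLE_COLUMNS, SAMPLE_ROWS):
        print("FINDING:", finding)
```

Run as a script it prints two findings, one for the `cvv` column and one for bob's plaintext password; alice's row passes because her password is stored as a salted PBKDF2 hash and carol's passes because it is in bcrypt format. A real audit would read the column list and rows from the live database rather than from constants, but the checks themselves are the same.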
