Linked by David Adams on Tue 28th Jun 2011 15:35 UTC, submitted by HAL2001
Privacy, Security, Encryption
In an unexpected move for a security company, SecurEnvoy today said that cyber break-ins and advanced malware incidents, such as the recent DDoS attack by LulzSec, should actually be welcomed and their initiators applauded. The company's CTO Andy Kemshall said: "I firmly believe that the media attention LulzSec’s DDoS attack has recently received is deserving. It’s thanks to these guys, who’re exposing the blasé attitudes of government and businesses without any personal financial gain, that will make a difference in the long term to the security being put in place to protect our own personal data!"
Thread beginning with comment 478913
Comment by MORB
by MORB on Tue 28th Jun 2011 16:27 UTC
MORB Member since:
2005-07-06

They do have a point, though. All those companies that got hacked had crappy security yet are always demanding personal information from their customers to use their products.

People should be happy that those security holes weren't found first by more malicious people than lulzsec.

Reply Score: 6

RE: Comment by MORB
by Alfman on Tue 28th Jun 2011 16:39 in reply to "Comment by MORB"
Alfman Member since:
2011-01-28

MORB,

"They do have a point, though. All those companies that got hacked had crappy security yet are always demanding personal information from their customers to use their products."


In so far as the data breaches expose a vulnerability which the company then fixes, then yes, the company's security could benefit in the long term. There's nothing like an attack to raise awareness. However, in the context of the piece quoted, the vendor specifically mentions that DDoS attacks encourage better data security, which is idiotic.

There's no connection between bandwidth limitations and data security. If you can't keep up with the attacker/botnet, then you're dead. It doesn't indicate anything about bad security practices.

Reply Parent Score: 5

RE[2]: Comment by MORB
by sagum on Tue 28th Jun 2011 19:51 in reply to "RE: Comment by MORB"
sagum Member since:
2006-01-23

"...in context of the piece quoted, the vendor specifically mentions that DDoS attacks encourage better data security, which is idiotic.

There's no connection between bandwidth limitations and data security. If you can't keep up with the attacker/botnet, then you're dead. It doesn't indicate anything about bad security practices."


Except these recent DDoS attacks haven't been just about raw fragmented packets hitting the server with more bandwidth than the server can handle.

If you look at the LOIC that the Anonymous group use, they target a website to request pages that take up vast amounts of resources, be it memory, server-side scripting or database load.

An example would be searching in the help section of a website and searching for a common word, or even a letter such as 'a', and the search results taking several seconds per request due to high CPU time or database load on the servers. In this instance, just a few people (sometimes even 1 person) can take down a website simply because of bad code.

Reply Parent Score: 2
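
An added example, not part of the original thread: one way a site could guard an expensive search endpoint like the one sagum describes, by rejecting very short queries, serving repeated queries from a cache, and limiting how often each client can reach the backend. `SearchGuard`, its parameters and the status codes it returns are hypothetical names chosen for illustration.

```python
import time
from collections import OrderedDict


class SearchGuard:
    """Wraps a costly search backend with three cheap checks (hypothetical helper)."""

    def __init__(self, backend, min_len=3, rate=1.0, burst=5,
                 cache_size=256, cache_ttl=60.0, clock=time.monotonic):
        self.backend = backend      # callable(query) -> results; the slow part
        self.min_len = min_len      # shortest query allowed to reach the backend
        self.rate, self.burst = rate, burst   # token bucket: refill/sec, capacity
        self.cache_size, self.cache_ttl = cache_size, cache_ttl
        self.clock = clock          # injectable so the limiter can be tested
        self.buckets = {}           # client -> (tokens, last_refill_time)
        self.cache = OrderedDict()  # normalized query -> (expiry, results)

    def _take_token(self, client):
        now = self.clock()
        tokens, last = self.buckets.get(client, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1.0
        self.buckets[client] = (tokens - 1.0 if allowed else tokens, now)
        return allowed

    def search(self, client, query):
        """Return (status, results); status mirrors an HTTP status code."""
        q = " ".join(query.lower().split())   # normalize so variants share a cache slot
        if len(q) < self.min_len:
            return 400, None                  # a query like 'a' never hits the database
        hit = self.cache.get(q)
        if hit and hit[0] > self.clock():
            self.cache.move_to_end(q)
            return 200, hit[1]                # repeated query costs one dict lookup
        if not self._take_token(client):
            return 429, None                  # client has used up its backend budget
        results = self.backend(q)
        self.cache[q] = (self.clock() + self.cache_ttl, results)
        if len(self.cache) > self.cache_size:
            self.cache.popitem(last=False)    # evict the least recently used entry
        return 200, results
```

The per-client bucket table here is unbounded; a deployment would expire idle entries so the limiter itself cannot be used to exhaust memory.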