Just saw this on Drudge Report

/ Just saw this on Drudge Report #2  
Not Good. John Deere needs to do better than that. Two years ago, Kioti USA headquarters server was hacked, quite easily I may add, and their entire server was locked and would only be unlocked after a ransom was paid. Kioti decided not to pay, and spent over 3 months rebuilding their entire server. Even today, Kioti Dadong server in Korea is wide open right now. I think most of these Ag companies lack updated thinking regarding security protocols.
 
/ Just saw this on Drudge Report #3  
Not Good. John Deere needs to do better than that. Two years ago, Kioti USA headquarters server was hacked, quite easily I may add, and their entire server was locked and would only be unlocked after a ransom was paid. Kioti decided not to pay, and spent over 3 months rebuilding their entire server. Even today, Kioti Dadong server in Korea is wide open right now. I think most of these Ag companies lack updated thinking regarding security protocols.
I know almost nothing about it but.....

I read that security is an afterthought, at best, in most products. They were talking about networked/wired toys etc with zero security.
 
/ Just saw this on Drudge Report #4  
Security is a myth.
 
/ Just saw this on Drudge Report #5  
IT security (and IT in general) at many of these companies suffers the same problem as user manuals - they think anyone can do it because “how hard could it be?” thus they don’t want to pay a professional. And I mean a real pro, not just some guy who’s built a few PCs and knows how to map a drive. You look at something like the Solarwinds attack and that was state of the art. If you as a company want to stand any kind of chance at all, you have to be just as sophisticated. Like with everything, no security is bulletproof, but until IT security is seen as truly mission critical, these companies will continue to be easy targets.
 
/ Just saw this on Drudge Report #7  
It's certainly possible Amazon has been hacked, but besides their own online marketing sales, they also provide the largest server capacity for independent business websites. So they must have the most reliable servers in the industry, and that requires a dedicated IT staff that is both smart and fully updated to thwart hacking attempts. I am sure they are targeted on a daily basis.
 
/ Just saw this on Drudge Report #8  
It's certainly possible Amazon has been hacked, but besides their own online marketing sales, they also provide the largest server capacity for independent business websites. So they must have the most reliable servers in the industry, and that requires a dedicated IT staff that is both smart and fully updated to thwart hacking attempts. I am sure they are targeted on a daily basis.

I would agree. They have to be a huge target.

My guess - like you - is Amazon has top notch IT folks. Their entire business is based on IT that is invisible to the customer. You find a product, click buy-it-now and the thing shows up a day or two later.

All the IT behind that is not simple.

MoKelly
 
/ Just saw this on Drudge Report #9  
Everybody has been hacked, just depends on what you consider a hack. Is phishing a hack? Meh, they usually call it that. Hacking isn’t like it is on TV where it’s a pink haired 20-something hippie chick banging away at keyboard. What’s really crazy is you look at the firewalls in front of major sites from any of the top 5 and it’s not uncommon to see hundreds of thousands of targeted attacks every day. Or more. It’s mind blowing to see these systems just hammered relentlessly 24x7. I half way joke that if you’re not sure whether we’ve ever acquired alien technology, you will be once you understand what some of these systems are capable of today.
 
/ Just saw this on Drudge Report #10  
It's certainly possible Amazon has been hacked, but besides their own online marketing sales, they also provide the largest server capacity for independent business websites. So they must have the most reliable servers in the industry, and that requires a dedicated IT staff that is both smart and fully updated to thwart hacking attempts. I am sure they are targeted on a daily basis.
I can't verify, but heard they were chosen to handle the cloud for the US Dept of Defense. Not so sure that’s a good idea.
 
/ Just saw this on Drudge Report #11  
What companies should do is encrypt their data inside the database. Then, have their software decrypt it for display purposes on the screen, reports, etc.

That way, even if they were hacked, or some idiot left their laptop with a copy of the database on it at Starbucks, the hackers would also need to figure out the decryption before they had anything, which would be damn near impossible.
 
/ Just saw this on Drudge Report #12  
The problem with that is that every piece of software that reads/writes to the DB needs to have encryption added to it. That alone is prohibitively expensive unless it's a very simple system. Worse, unless the SW that reads/writes the DB is written in house, the company does not have the source code to modify. The other problem is that every DB operation that touches an encrypted field requires a decryption, and that slows the DB. A lot for some operations, often too much.

I've worked in this space for many years and I can remember one company that implemented this. They needed their own security engineers in addition to their own developers. Their system was simple (though it held a lot of data) and entirely written in house except for the actual DB. They were extremely concerned about their data and willing to spend a lot of money to protect it.

Even then it only pushes the problem up one level which is not far enough. The typical stack is DB -> middleware -> web server. The middleware or web server has to have automatic access to the crypto keys in order to operate. But the attackers usually come in through the web server as that is what's accessible. So their exploit code runs as the web server and thus automatically decrypts the data.

Encryption does help with the data on a laptop problem though, IF the laptop's been properly logged out when it's stolen. Often it's not. And of course most corporate databases are too large to fit on a laptop, and are located on a server so many people can access them.

At least in this Deere case the flaw was discovered by a researcher who reported it to the company rather than exploiting it or selling the exploit, and the company fixed it promptly.
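
Added example (not written by any poster in this thread): a small Python sketch of the field-level encryption discussed in posts #11 and #12, showing that a copied database holds only ciphertext, that anything running inside the key-holding tier gets plaintext, and that searching an encrypted field means decrypting every row. The cipher is a standard-library stand-in so the sketch runs offline, and `CustomerStore`, the table layout and the sample records are hypothetical.

```python
import hashlib, hmac, secrets, sqlite3

# Stand-in cipher (assumption, standard library only): HMAC-SHA256 keystream XOR
# plus an HMAC tag. Production code should use a vetted AEAD such as AES-GCM.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_field(key, plaintext):
    nonce = secrets.token_bytes(16)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt_field(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

class CustomerStore:
    """Hypothetical middleware tier: the only component that holds the key."""
    def __init__(self, db, key):
        self.db, self._key = db, key
        db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card BLOB)")

    def add(self, name, card):
        self.db.execute("INSERT INTO customers (name, card) VALUES (?, ?)",
                        (name, encrypt_field(self._key, card)))

    def card_for(self, name):
        row = self.db.execute("SELECT card FROM customers WHERE name = ?", (name,)).fetchone()
        return decrypt_field(self._key, row[0])  # any code running in this tier gets plaintext

    def find_by_card(self, card):
        # Random nonces make ciphertexts incomparable, so no index helps: every row is decrypted.
        rows = self.db.execute("SELECT name, card FROM customers")
        return [n for n, blob in rows if decrypt_field(self._key, blob) == card]

def demo():
    store = CustomerStore(sqlite3.connect(":memory:"), secrets.token_bytes(32))
    store.add("Constructed Customer A", "4111-0000-0000-0001")  # constructed sample data
    store.add("Constructed Customer B", "4111-0000-0000-0002")
    stolen = [r[0] for r in store.db.execute("SELECT card FROM customers")]  # what a copied DB holds
    return stolen, store.card_for("Constructed Customer A"), store.find_by_card("4111-0000-0000-0002")

if __name__ == "__main__":
    print(demo()[1:])
```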
 
 