Thursday, April 19, 2012

Teen hacker hits 259 sites

Saw this article about a 15-year old in Austria who was busted for hacking 259 company web sites.  I figured they would say he was working on this for, you know, maybe the last year or two.  Nope, not even close.  The sites were all compromised in a 3-month period at the start of this year!  Some sites were just defaced, other sites had information taken and published.  All kinds of different sites, from all over the world.  Asked why he did it, the response was boredom and a need to prove himself.  How did he do it?  Simple tools and scripts available on the internet.

Here's the big question - why is it still so easy in 2012 to find so many vulnerabilities?  Is there just too much pressure to get an internet presence out there without even thinking about any security?  Probably.  Other times it's just because somebody didn't configure something properly.  It shouldn't be that hard to stop for a minute and think things through.  Do it right the first time.  Then keep up with what's going on within the systems.  With all the high profile hacks and millions and millions of lost dollars, the low hanging fruit should be disappearing.  Somehow it just keeps popping up.  Guess it just means plenty of new opportunities and plenty of work for many years to come.  That's good.  I have too much time before even seriously considering about retirement.