Slashdot Mirror

← Back to Stories (view on slashdot.org)

Former NSA Honcho Calls Corporate IT Security "Appalling"

Posted by samzenpus on from the is-that-better-than-terrible? dept.

Nerval's Lobster writes "Former NSA technology boss Prescott Winter has a word for the kind of security he sees even at large, technologically sophisticated companies: Appalling. Companies large enough to afford good security remain vulnerable to hackers, malware and criminals because they tend to throw technological solutions at potential areas of risk rather than focusing on specific and immediate threats, Winter said during his keynote speech Oct. 1 at the Splunk Worldwide User's Conference in Las Vegas. 'As we look at the situation in the security arena we see an awful lot of big companies – Fortune 100-level companies – with, to be perfectly candid, appalling security. They have fundamentally no idea what they're doing,' Winter said, according to a story in U.K. tech-news site Computing. During almost 28 years at the National Security Agency (NSA), Winter established the spy agency's Technology Directorate and served as the agency's first CTO. He also held positions as the NSA's CIO, its deputy chief of Defensive Information Operations and, oddly, as chief of Customer Response. He is currently managing director of Chertoff Group, the strategic management and security consultancy established by Michael Chertoff, secretary of the Dept. of Homeland Security under Pres. George W. Bush and co-author of the USA Patriot Act."

4 of 174 comments (clear)

  1. No Shit, Sherlock by thatkid_2002 · · Score: 5, Funny

    Given that half of Slashdot works in corporate IT I'm sure we're all shocked by this announcement.

  2. Couple Ways You Could Fix That by Greyfox · · Score: 5, Funny

    You could just improve security, but that's hard. Alternately, you could just have such a shitty IT infrastructure that nothing ever works! This has many advantages! Lower IT costs, for one, and servers that are broken are in fact VERY secure! Very, VERY secure! So if you're in IT, next time someone bitches at you about some resource being down, just say it's "security hardening"!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  3. No, really? by seebs · · Score: 4, Funny

    Banks are still using "secret questions" and claiming that's a kind of two-factor authentication. Someone I know was once told by Citi something to the effect of "well, click on the links in the email, and if it gets you to a site with our logo, then it was from us."

    And honestly, social engineering is still a huge and very easy target.

    --
    My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
  4. Re:I can confirm this by symbolset · · Score: 4, Funny

    In my experience revealing what you really know about systems security is a guaranteed way to lose the job interview if you have any clue at all. The only way to help an organization get real operations security is to worm your way in under false pretenses and then gradually migrate them to a secure position. An MCSE cert helps here, as it drives away suspicion that you might actually know what you're doing.

    --
    Help stamp out iliturcy.