Slashdot Mirror
NVIDIA Breached
jones_supa writes: Another day, another corporate network intrusion. NVIDIA has reportedly been breached in the first week of December, with the attack compromising personal information of the employees. There is no indication that other data has been compromised. This is according to an email sent out by the company's privacy office and Nvidia's SVP and CIO Bob Worwall on December 17th. It took NVIDIA a couple of weeks to pick up all the pieces and assess the incident. It appears that the issue was pinned down by an employee or several employees getting their personal data compromised outside of the company network. After that, the information was used to gain unauthorized access to the internal corporate network. NVIDIA's IT team has taken extensive measures since then to enhance the security of the network against similar attacks in the future.
I think you are confused as to who was breached. You'll be looking for next week's headline.
I wonder what that means, exactly.
My hopes are that it means ensuring anyone on the outside is coming in via 2FA, internal and DMZ networks have a proper IDS/IPS in place that is tailored to the division in question (i.e. a bunch of point of sale terminals would sound an alarm if one of them decides to start making random connections to a site in Elbonia), there is an internal detection process so someone trying to brute force an account will make an audit trail and get a curious admin looking at why the events are happening.
My hopes also include isolation of DMZ boxes so that unless they are intended to communicate with each other, they can't. Isolation between departments would be nice as well.
Finally, my hopes include having remote access being more of using Citrix or RDP and having the remote machine be more of a dumb terminal, as opposed to an active VPN, making the remote machine a part of the corporate network.
Of course, my fear is that "extensive measures" will be a domain admin logging on, popping up a command shell, typing in:
dsquery user | dsmod user -mustchpwd yes
and calling it a wrap.
I'm hoping nVidia does more of the "hopes" portion.
And yet at my company I can't get the GM and president to let me implement a basic computer and security competency test for all new hires that use computers. I'm CIO by the way.
Perhaps there will be some 'unexpected improvements' in open-source drivers for nVidia chipsets in the near future...
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Two California-based corporations suffer a big breach within a month of one another? Pelosi and Feinstein must be getting as wet as their old crotchety selves possibly can>
*vomits*
The #1 question on everyone's mind is, does the data leaked indicate that mangement at Nvidia also admits that the shield is a pointless, overpriced device with no market? I'm reeeeally dying to know. They're like a tablet mixed with a PSP mixed with a steambox but worse than all 3. I can't imagine anyone there is too happy with it.
NVIDIA has reportedly been breached in the first week of December
Bit of a mixed up tense there. Makes it sound like time travellers did (are doing) it.
systemd is Roko's Basilisk.
Are these hacks happening more often or is it a mixture of actually catching the breaches now and more reporting on the breaches?
X
with things like this is that one finds out that enterprise IT admins frequently store passwords in plaintext... it's the only way they can tell that your new password is "not sufficiently different" from the previous one... eg at a previous employer that starts with A, i had a password like "App7!S@uCE". admittedly i was being lazy, but being told that "App7!S@uC3" was too similar (change last char from 'E' to '3', in this example) would only be possible if they were storing the plaintext rather than a hashed string. or they "hashed" it by applying something clever like ROT13... no, the guilty company was not Apple... anyway, moral of the story is use different passwords everywhere.
Does anyone else find it ironic that every time one of these breaches happens... all the employee and costumer data walks right out the door. But their source code? Propitiatory corporate secrets? Oh, those are locked up tighter than a drum.
It's not hard to prevent these "hacks" or "Leaks" they just only chose to actually spend money to protect what's valuable to them. After their employees or Customers personal info is out there, they throw some money at a Credit monitoring service and pretend like that means anything at all? What did it cost them? $1 a user? LOL
We need federal liability laws. The feds do not need to dictate what they need to do to secure data like they've requested. They know, and we know that's a joke. The law will be out of date before it even takes effect. Simply make them liable for $100k per persons personal data they leak. They will quickly just flat out stop storing the data in the first place and we'll all be better off.
sad but true
NVidia, can we please have open source drivers already, so that I dont have to trust any one company before loading their binaries onto my machine?
Damn you Kim Jong, when will your terrorist activities be stopped. I beseech the military industrial complex and congress to provide whatever resources NSA needs to do what ever they want to do... for the children
With all these issues, I am wondering whether beyond the firewall to the external network, internal portions of a corporate network should be firewalled too. For example HR related data should be on a sub-section of the network protected by its own firewall. I would imagine the chances of breaching multiple firewalls being low, unless the penetration into the network is either done by an insider or someone who has been able to lay low on the network for a while?
This may already be the case in many organisations, but I don't know enough about security specifics?
Jumpstart the tartan drive.
>since the system interpreted an encrypted zip file as malware and auto-deleted it.
Change the file's extension and use a hex editor to modify the first byte of the file so it won't recognize it as a compressed file. It's a pain, but it works. The e-mail scanning process has no choice but to consider it a random binary file.
It looks like they forgot to turn the Windows Firewall to "on" and set the Internet Security Zone to "High". That should prevent all hacks, right? /me ducks
Instead of usb, why not dvd-rws ? Bring back the 90s.
Troll
Tell me what you believe...I'll tell you what you should see.
When you read that Stuxnet was an NSA/Israel creation and every month you get drip fed news about NSA's true illegal/terrorist side (like finding ways to hack popular email servers or backend links of cloud storage) and just now, cracking VPN services, you have to ask yourself this: "Who has opened Pandora's box? Who deserves to suffer from it [first]?"
Comment removed based on user account deletion
I built the rc2 version of the 3.19 Linux OS, but Nvidia's drivers would not build because of the bug: nv.c 1842:29 (line 1842, line offset 29), struct file has no member named f_dentry. And it's because of a symbol removed from being "GPL available" in the Linux kernel (it was due to a change contributed by Al Viro in November). Team Nvidia is usually slow to pick up this kind of thing, and there is no updated Nvidia driver that will work. The bug started with 3.19-rc1, but persists with 3.19-rc2. Instead of going back to the 3.18 kernel, I kept going to various web sites detailing the progress of the Nouveau drivers. I had had problems with them before, but decided to give it another go. And I am now seriously impressed. The video card fan is running fast all the time, but watching tv and gaming is not a problem. Also, lately the stock nvidia drivers have not been able to keep track of which monitor is which (and it always starts with the left on the right side and the right on the left side, and when logging on I always have to use nvidia tools to switch them, and it can't ever remember, and --worse! if there is *no file* and I give it one and the nvidia software creates the file from scratch, and then I turn around and ask the same nvidia software to read back the file it just wrote, it can't. Its like a little kid that can't read its own writing. And the Nouveau drivers have no problems with that at all. And accelerated clocks and pwm fan speed support for cards similar to mine have started showing up in the latest linux kernels as of this past month. All I'm saying is that I feel bad for Nvidia, but my dependence on them is waning.
I read the blurb --by Forbes-- and its like a syllabus I read for a tech. school to get a degree in 'business computing'. And also like many business blurbs I've read. My first desire is to pull out a red pen and start correcting, shifting tense, incorrect use of words (theyre instead of there or they're, also too, two and to, effect vs affect, etc.) and a host of other nits like 'an' before a word beginning with a consonant. But then they go off and start putting words beside each other that have no business being beside each other, and it goes on this way for entire prepositional phrases. They try to sound more erudite by cutting out important words and using words incorrectly. And to the literate, they look stupid. And they are stupid. And the Nvidia blurb done by Forbes could have been better had it been edited by a grade 11 student.
caca