NVIDIA Breached

← Back to Stories (view on slashdot.org)

Posted by Soulskill on Tuesday December 30, 2014 @07:02AM from the caught-in-the-crossfire dept.

jones_supa writes: Another day, another corporate network intrusion. NVIDIA has reportedly been breached in the first week of December, with the attack compromising personal information of the employees. There is no indication that other data has been compromised. This is according to an email sent out by the company's privacy office and Nvidia's SVP and CIO Bob Worwall on December 17th. It took NVIDIA a couple of weeks to pick up all the pieces and assess the incident. It appears that the issue was pinned down by an employee or several employees getting their personal data compromised outside of the company network. After that, the information was used to gain unauthorized access to the internal corporate network. NVIDIA's IT team has taken extensive measures since then to enhance the security of the network against similar attacks in the future.

2 of 59 comments (clear)

Min score:

Reason:

Sort:

Re:"extensive measures" taken... by fuzzyfuzzyfungus · 2014-12-30 07:40 · Score: 3, Interesting

Given that I have no particular personal stake in Nvidia's problems, I would hope, in the spirit of general benevolence, that they take actually effective action; but I would much, much, much more strongly hope, in my own interests and those of computer users generally, that they've taken effective measures surrounding control of their signing keys.

Aside from a few *nixes that are actively hostile to proprietary drivers or simply don't do any integration work for Nvidia's, Nvidia is one of the hardware companies whose signature is pretty much universally trusted, without much question or notification, on a driver. If their signing infrastructure were to have been compromised, some very, very, interesting 'GPU drivers' might make it out into the wild and raise some hell.

Unfortunately, this is true of other hardware outfits as well. I don't much care how they run things, though friendly advice would be to pay attention to the security geeks; but anyone who has a signing key that will get a driver right into the kernel of any windows system without comment(extra credit for getting it on Windows Update) is an active menace if they lose control of that.
Hrm... by Charliemopps · 2014-12-30 08:38 · Score: 4, Interesting

Does anyone else find it ironic that every time one of these breaches happens... all the employee and costumer data walks right out the door. But their source code? Propitiatory corporate secrets? Oh, those are locked up tighter than a drum.
It's not hard to prevent these "hacks" or "Leaks" they just only chose to actually spend money to protect what's valuable to them. After their employees or Customers personal info is out there, they throw some money at a Credit monitoring service and pretend like that means anything at all? What did it cost them? $1 a user? LOL
We need federal liability laws. The feds do not need to dictate what they need to do to secure data like they've requested. They know, and we know that's a joke. The law will be out of date before it even takes effect. Simply make them liable for $100k per persons personal data they leak. They will quickly just flat out stop storing the data in the first place and we'll all be better off.