Yours Truly Profiled in The New York Times – Krebs on Security

por

Today’s New York Times features a profile of this author — a story titled, “Reporting from the Web’s Underbelly”. The piece, written by The Times’s Silicon Valley reporter Nicole Perlroth, observes:

Mr. Krebs, 41, tries to write pieces that cannot be found elsewhere. His widely read cybersecurity blog, Krebs on Security, covers a particularly dark corner of the Internet: profit-seeking cybercriminals, many based in Eastern Europe, who make billions off pharmaceutical sales, malware, spam, frauds and heists like the recent ones that Mr. Krebs was first to uncover at Adobe, Target and Neiman Marcus….

…Unlike physical crime — a bank robbery, for example, quickly becomes public — online thefts are hushed up by companies that worry the disclosure will inflict more damage than the theft, allowing hackers to raid multiple companies before consumers hear about it.

“There’s a lot going on in this industry that impedes the flow of information,” Mr. Krebs said. “And there’s a lot of money to be made in having intelligence and information about what’s going on in the underworld. It’s big business but most people don’t want to pay for it, which explains why they come to someone like me.”

Read more here.

Update, 12:43 p.m., ET: Adding this as an update because my comment got buried, and because a sentence about my discovery of The Post’s payroll data has already led to one “Krebs has done a bit of illegal hacking himself,” story. The NYT piece makes it sound like I hacked my way into the Post’s payroll system, but in truth it was far less interesting/glamorous than that. Basically, the newly-hired guy in charge of Windows share security at washingtonpost.com had for some oddball reason undone all the security put in place by his predecessor, so all local shares on the network were more or less readable by anyone who had network credentials.

In short, I was able to see the salaries.xls file without even using my keyboard. Just open Windows Explorer, click…\Finance….click…\Accounting….click…\Payroll…whoaaa!

The only reason I did not lose my job over that discovery was that I brought it to the attention of the Post.com’s security team immediately. They fired the guy responsible for undoing all the security that very day. The head of security showed up at his desk with a box and told him he had 15 minutes to clear out his stuff.

Relacionado:

Exploit Sat on LA Times Website for 6 Weeks –Exploit Sat on LA Times Website for 6 Weeks – Krebs on Security La red de robo de identidad de Nueva York uso La red de robo de identidad de Nueva York usó información privilegiada, miembros de pandillas – Krebs on Security 1670264095 Hombre de Nueva York se declara culpable de robo de Hombre de Nueva York se declara culpable de robo de intercambio de tarjeta SIM por valor de $20 millones – Krebs on Security Nueva York acusa a First American Financial por fuga masiva Nueva York acusa a First American Financial por fuga masiva de datos: Krebs on Security Default ThumbnailUna guía para abogados penalistas del Bronx: el camino desde el arresto hasta la lectura de cargos en el condado de Bronx, Nueva York Default ThumbnailOpenSSL Patch to Plug Severe Security Holes – Krebs on Security

Deja un comentario