#21 (08-16-2012, 09:54 PM)
hooby

From what I've been taught at university, optimal security is when the data you store is not worth the work needed to overcome your security measures.

It's a pretty simple concept, actually.

#22 (08-16-2012, 10:21 PM)
eisprinzessin

Where is the break-even point when the amount of data is as massive as in this case? Assuming that the amount of data does not (significantly) increase your work load?

#23 (08-16-2012, 11:49 PM)
madned

Quote:
Originally Posted by Shoganai
Security is also best done in layers. You have DMZs between the internet and where you keep the REAL data. Each layered DMZ has a firewall and intrusion detection systems. You try to harden your systems as much as possible, but you always design with the "what if scenario" - "what if this server was compromised" etc.

you sound like you know about this more than I, but I'll point out that presumably Valve and Sony and Blizzard have professional security dudes that know all this, probably have applied this as best able.

and still got hacked with sufficient data risk to require public notification.

granted, they're sitting on top of extremely large mounds of loot, which will/have draw(n) unbelievable amounts of attention.
and their defense area is probably huge, distributed systems networked together. and I'd guess the compromises came through non-core systems. Valve I think for example had their forum server compromised, which if that was all, it probably would have been annoying but not that bad, unless you really really care about your forum login, which to a degree I suppose you should.
it's always in the last place you look.

probably a good argument for periodic external audits.

a lot of security is predicated by how your business treats data. the basic business inclination is towards sharing, data that can't be readily shared becomes less valuable, I'm loosely including internal access for mining and whatnot. Which makes IT security a fun line to tread.
Well, guess that's what Data Loss insurance is for, I wonder if they account for lost goodwill.

#24 (08-17-2012, 12:18 AM)
Shoganai

It's what I do

No doubt blizz has super security leading into their Internet-facing battlenet servers - that's why the hackers went after something softer - their VPN / internal networks. It would be interesting to see what type of security they had for that. Since battlenet is hosted at various data centers, it's very possible that the security for it is handled via contract by the data center. It's very possible that their internal LAN/VPN is a separate company or might even be in-house. We won't know for certain. I will say that from my experience companies spend a lot of time protecting their Internet-exposed devices, and often overlook or spend less/underestimate the threat to their own VPN connections into their network.

It's not done on purpose mind you... It's just they are more concerned with protecting the "obvious" targets of attack...

#25 (08-17-2012, 03:57 PM)
LostSoul

Quote:
Originally Posted by Shoganai
It's not done on purpose mind you... It's just they are more concerned with protecting the "obvious" targets of attack...

Other than the fact that their definition of "obvious" targets happens to be what most intruders are going to view as largely a waste of time attempting to get through. Real ones know that "backdoors" are better and quicker and are the real "obvious" targets anyways.

And with the value of the data/information that can be accessed from these systems of course they're going to be a prime target to start from. Something tells me this is not likely to be the last time something like this happens to Battle.net now that blood is in the water.

#26 (08-18-2012, 08:28 AM)
hooby

The thing is pretty simple actually.

Companies collect personal data, because it is worth a lot of money to them. In order for those companies to make winnings on that data, they cannot put up security that costs more than the data is worth. So they only spend a fraction of the data's worth on security.

They are knowingly taking chances on security, because they don't want to afford security upgrades.

Through my line of work I got a little insight into how some companies handle security of their customer data. That includes one major international credit card company.

Glaring omissions I tell you. Glaring omissions.

So if someone tells you their security is industry standard - know that means "weak".