SoylentNews is people
SoylentNews
Hackers Went Undetected in Citrix's Internal Network for Six Months:
Hackers gained access to technology giant Citrix's networks six months before they were discovered, the company has confirmed.
In a letter to California's attorney general, the virtualization and security software maker said the hackers had "intermittent access" to its internal network from October 13, 2018 until March 8, 2019, two days after the FBI alerted the company to the breach.
Citrix said the hackers "removed files from our systems, which may have included files containing information about our current and former employees and, in limited cases, information about beneficiaries and/or dependents."
Initially the company said hackers stole business documents. Now it's saying the stolen information may have included names, Social Security numbers and financial information.
Citrix is big in digital workspaces, networking, and analytics. I imagine this breach caused many VeryNotGood days for a large number of company people.
Were you affected?
(Score: 4, Interesting) by All Your Lawn Are Belong To Us on Friday May 03 2019, @02:42PM (4 children)
... The million dollar question is that if the supplier of technology solutions to 99% of the Fortune 100 and one of the biggest players in networking and SaaS/DaaS technologies can have undetected infiltration for six months then when are we going to wake up and realize that status of internet security is so terribly broken that we need to scrap our existing system and start over with information technology that has security incorporated from the outset, instead of relying on the catch-me-screw-me methods prevalent since starting this broken ass system of insecure-by-default? Instead of just accepting risk why not eliminate it?
This sig for rent.
(Score: 1, Insightful) by Anonymous Coward on Friday May 03 2019, @03:54PM (2 children)
It's really quite simple. If eliminating some risk factor costs more than the possible consequences of accepting that risk factor, the rational decision is to accept the risk.
The consequences of this data breach are probably that a bunch of people had, or will have in the near future, a pretty stressful week. It will be business as usual before long and this issue will be forgotten.
(Score: 2) by DeathMonkey on Friday May 03 2019, @06:46PM (1 child)
Which is why we use regulation to increase the possible consequences.
(Score: 2) by RS3 on Friday May 03 2019, @08:34PM
I agree, but are there many such regulations? Perhaps you're in Europe or somewhere more progressive. Here in the US they tend to wait until people die before laws are passed. But I don't want to be cynical- governments are finally becoming more aware of the criticality of data and privacy protection.
(Score: 0) by Anonymous Coward on Friday May 03 2019, @05:53PM
A couple more Moore's law cycles and your suggestion might be feasible, but it's not right now for the same reasons no one uses IPv6 security extensions: they require to many computing resources for too little gain.