
ApfelKuchen

macrumors 601
Aug 28, 2012
4,335
3,012
Between the coasts
Even assuming the leak is genuine, how do you come to the conclusion that companies like Samsung don't take security seriously? They can be incredibly serious and still have an exploitable weakness, whether the weakness is in software/systems or a "trusted" employee or business partner. I don't think there's ever been a 100% effective defense against anything if an attacker is sufficiently determined and has sufficient resources to expend.
 

Pakaku

macrumors 68040
Aug 29, 2009
3,266
4,822
One data breach isn't enough to say tech companies (blanketing all tech companies together, as you seem to put it) don't take security seriously. If they didn't, breaches would be infinitely more common.

Plus we don't know how the data leaked, which could tell a lot about how secure the data was in the first place. Did they phish or guess some passwords, did an insider intentionally put it out there, or did it take far more work from an outsider?
 
Reactions: traveltoromantis

I7guy

macrumors Nehalem
Original poster
Nov 30, 2013
35,142
25,213
Gotta be in it to win it
There are some data breaches that are absolutely preventable. Some hacker finds their way into some system not configured correctly by some sysadmin. While obviously I don't know the answer to these questions:
- Did Samsung hire external expertise to assess its practices?
- Were security experts brought in to do penetration testing on their systems?
- Are sensitive areas firewalled off properly?
- Do Samsung employees receive training in phishing emails and good security practices?
- Are multiple authentication methods in place for Samsung employees logging into corporate systems?
- Do Samsung systems get patched regularly?
- Are Samsung systems hardened properly -- according to industry best practices?
- Do Samsung systems undergo periodic review?
- Does Samsung follow industry best practices?
- Does Samsung have systems and processes in place to monitor the network?

While we may never get the answer on how this leak was accomplished, some leaks, like the infamous RSA leak, were brought about by one employee clicking on something when they should have known better.
 
Reactions: The Clark

JPack

macrumors G5
Mar 27, 2017
13,471
26,077
Qualcomm source code? Sounds expensive and prize worthy.
 

satcomer

Suspended
Feb 19, 2008
9,115
1,977
The Finger Lakes Region
Sounds as if an Admin's account from home was hacked or a former Admin that was fired sold his credentials to the highest bidder! That's how most people get "hacked", or by plain imitating a remote Admin's account! I was amazed that after one job my remote credentials STILL worked; that amazed me, and I told an old friend they need to delete former Admins' accounts as soon as a person leaves!
 

ApfelKuchen

macrumors 601
Aug 28, 2012
4,335
3,012
Between the coasts
There are some data breaches that are absolutely preventable. Some hacker finds their way into some system not configured correctly by some sysadmin. While obviously I don't know the answer to these questions:
- Did Samsung hire external expertise to assess its practices?
- Were security experts brought in to do penetration testing on their systems?
- Are sensitive areas firewalled off properly?
- Do Samsung employees receive training in phishing emails and good security practices?
- Are multiple authentication methods in place for Samsung employees logging into corporate systems?
- Do Samsung systems get patched regularly?
- Are Samsung systems hardened properly -- according to industry best practices?
- Do Samsung systems undergo periodic review?
- Does Samsung follow industry best practices?
- Does Samsung have systems and processes in place to monitor the network?

While we may never get the answer on how this leak was accomplished, some leaks, like the infamous RSA leak, were brought about by one employee clicking on something when they should have known better.

All these questions are completely reasonable (and the list is hardly complete). There are most certainly breaches that were 100% preventable. However, there's a difference between asking questions and drawing a conclusion before they are even asked, no less answered. Like they say, "Innocent until proven guilty."
 