Information Security & Occasional Forays Into Adjacent Realms
Let us join John Timmer - whilst writing at Ars Technica, as the Good Author hitches his wagon - as it were- onto an elevator and into a telemarketing Hades; and, Weep, my friends,for the practically useless DoNotCall registry, and Telecom Security - or lack thereof, while you're at it.
Last week's MailChimp hack and subsequent malicious emails are still not sufficently explained... I'll wager the RCA (if one was accomplished) points to deeper process issues than meets casual inspection. Perhaps stronger customer guidance on information security matters is in order (if, in fact, the cause was customer exploitation, rather than in-built flaws in the MailChimp infrastructure. In any case, you be the judge.
"A MailChimp spokesperson confirmed that it had reset passwords on the accounts included in the data dump": "Our team has obtained the data from the security researcher. They’ve validated usernames with our user base, and have forced password resets on the affected users. - via the inimitable Graham Cluley at grahamcluley.com**
Swati Khandelwal, writing at The Hacker News, regales us with the tale of Mumblehard, the Linux and BSD Server targeted attack malware that transforms those machines into pernicious spambots.