Review of past cyber carnage courtesy of .CN

March 17, 2011

Imagine that all your organization's information was being read by a foreign nation state that uses it to modernize arsenals you might have to fight one day; to steal your innovative ideas and hand them off to its national universities to finally replicate and deliver to government-backed/owned enterprises; to gain timely intelligence and full knowledge of your plans, intentions and negotiating positions, and then undermine them to force you to abandon your preplanned negotiation limits; or to scoop the deal your organization has been working on for months or years by underbidding you and winning multibillion-dollar resource extraction contracts. How about targeting your cyberdefense infrastructure by extracting its details and custom-coding software that undermines and circumvents it? Imagine your organization has lost its entire Active Directory password database, extracted from your domain controllers. Imagine enemies coming and going at will through your networks. Imagine that at ANY time, your adversaries can extract your email like a vacuum cleaner right out of your Exchange inbox and PST files without you even knowing about it. Imagine your enemy attacking you through your subcontractors' VPNs, your users getting emails daily with undetectable trojan horse payloads while your email gateway doesn't bat an eyelash. Imagine your adversaries accessing all your juicy portals and N-tier web-based content systems and browsing at will on the back of legitimate yet compromised user credentials. And lastly, imagine for a second your adversary having the ability to download or modify its code and use its access to install and run destructive capabilities at will. Really. Really? Ponder it and then demand answers.

CyberDefense is bullshit. The tipping point is now. Do something or it will be too late later.

This is the daily reality we are facing. The people and so-called experts who are not in the know and call this FUD are clueless. Here is a rollup of the Sh1tSt0rm that's just transpired in the last couple of months.

Think about this as a citizen and then ask yourself: the US has the most powerful cybercapability in the world, so what the f#@# are we doing with it? Why are these attacks continuing? Are we impotent to stop them? Have we lost the ability to project national power to compel an adversary to modify its actions?


  • (The MHTML implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle a MIME format in a request for content blocks in a document, which allows attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer.)

  • (new victims revealed)

