Tuesday, July 30, 2019

Hacking Capital One

I think of a firewall as an intrusion avoidance component of a software system.

It keeps unauthorized access to the nucleus of a system – the business of a system: passwords, customer data, etc. – from happening.

I think of hacking as getting into the business of a system – the nucleus. Penetrating a firewall opens up opportunities for hacking, but it is not hacking. Hacking is breaking through the – one would hope and suppose – ironclad security wrapping the business system; if the security wrapping is robust enough, hacking won’t happen.

So, if the news is correct, and if the Capital One hacker succeeded in stealing the data of 100 million Capital One customers by discovering an improperly configured firewall and penetrating it, one must find fault with the security wrapping Capital One’s business as being far from ironclad.

Maybe she is super-human, but likely she isn’t.

The fact that the Capital One business resides on Amazon Web Services makes the story pretty interesting.

All one needs to do is penetrate AWS’s firewall, and the business systems are open season due to less-than-ironclad security wrapping?
