Blacklists sound like a racial slur, but they are simply a list of known bad offenders. Email spam is effectively kept in check to some degree by maintaining blacklists of known bad offenders. If your mail server isn’t accepting mail from a domain because the security is notably ‘not acceptable’ and ‘likely compromised’ why would you let that same domain access your login systems?
I’ll keep my rant short and to the point, but the details of the attack are a bit like a drunken man explaining how his cat ‘escaped’ after he left the door open and his music playing really loud for hours.
Today there was news of another major hack on the Canadian Federal government in top level systems. Part of the news revealed that “Defence Research and Development Canada”, a civilian agency of the DND, was compromised. I personally read that as “hackers will be enjoying the fruits of our federal research money/time before we are”.
This hack also took major segments of the federal government offline, likely as a necessity to facilitate cleanup and containment of the situation. So this wasn’t a ‘scare’ or an ‘annoyance’, it’s clearly costing us money, tax payer money.
The source of the attacks came from China, as they always seem to be. Admittedly, if one wanted to hide their identity, the best place to start would be an insecure network in China, and then work out from there. If this is a no-brainer for myself, a tech-savvy SEO, what’s going on with the professional security services we’re paying for?
Do we really have a lot of Canadian federal employees in China making it far too difficult to block logins to sensitive networks from that entire country save a few exceptions?