Self-exiled, gun-loving ex-Anon, who goes by the name SparkyBlaze on Twitter, claims that skilled liars are the number one concern for information security.
“We have the software/hardware to defend buffer overflows, malware, DDoS and code execution. But what good is that if you can get someone to give you their password or turn off the firewall because you say you are Greg from computer maintenance just doing testing?” SparkyBlaze told networking giant Cisco on Wednesday.
“It all comes down to lies, everyone does it and some people get good at it.”
The self-described hacker recently severed ties with Anonymous over its supporters’ practice of killing “innocent peoples” anonymity when they leaked San Francisco transport user details, supposedly in support of the transport system's users.
“AntiSec Has Released Gig After Gig Of Innocent Peoples Information. For What? What Did They Do? Does Anon Have The Right To Remove The Anonymity Of Innocent People? They Are Always Talking About Peoples Right To Remain Anonymous So Why Are They Removing That Right?”, SparkyBlaze declared in a post on PasteBin this month.
“Out of the box” Windows consumers simply did not care about IT security, and did not understand its importance.
“Most people don’t know what hacking is, they use the same passwords everywhere and don’t use antivirus/firewalls,” he said.
“For them it’s an “out of the box” Windows install with IE7. This is the issue with people nowadays; they don’t understand the importance of computers and computer security.”
For the enterprise, security was the victim of budgets, according to SparkyBlaze, echoing the security vendor community.
“Companies don’t want to spend the time/money on computer security because they don’t think it matters,” he said.
“They don’t encrypt the data nor do they get the right software, hardware and people required to stay secure. They don’t train their staff not to open attachments from people they don’t know.
“The problem isn’t the software/hardware being used… it is the people using it. You need to teach these companies why they need a good information security policy.”
To read more from this author:
HB Gary names SQL injection as real ShadyRAT threat
Due diligence security is the enterprise Achilles heel
After DDoS and Patriot Act order, WikiLeaks opens floodgates