Like right before our eyes
Thanks, Microsoft
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .
I’m on a bit of a staycation this week. But that doesn’t mean I can’t write my Dan’s New Leaf article.
One of the things I do while on staycation is catch up on my reading. I have an email folder – within my personal email system – where I forward links to various articles. And every staycation I am reminded of the problem with this approach – by the time I get to the links, they are kind of out of date.
So then I just go to Schneier or Krebs or Kindervag.
When I came across this article, it reminded me of the 2010 Indiana Bankers Association Information Security conference. We still called it Information Security in 2010.
The year before, at the 2009 conference, my friend Matt Jonkman had delivered a presentation called “Hack Attack Live”. We were all excited, because of how hard it has always been to get anybody willing to do a live demonstration of a hack attack.
In his 30-minute demonstration, Matt showed us how to compromise a website using a SQL injection attack. Using the OWASP site that was set up to teach people how those attacks worked, he caused a sigh of whispers – then the sound of crickets – as the conference realized they were watching him compromise the site’s administrator account.
Right before our very eyes.
I’ll always remember the evaluations of his talk. Especially the one where the attendee said, “this guy scares me.”
And the punchline of his talk was: we could all learn to do this attack, by going to owasp.org.
So the following year, after we yet again could not find a speaker willing to do a live demonstration of a hack attack, I decided to go to owasp.org. After wiping an old laptop, and setting it up from scratch to make sure I wasn’t introducing any vulnerabilities to our system, I learned how to do the same exact attack that Matt demonstrated.
And the attendees of the 2010 conference got to see me prove that even Dan Hadaway can learn to execute an attack. I was surprised at how easy it was.
So fast forward 13 years. What a wonderful number. 13. Most of us know this as an unlucky number.
And 13 years later, instead of fearing SQL injection attacks (which are really easy to prevent, by the way), we’re learning that Microsoft … who has told us that there are guardrails on GPT technology … is yet again creating an entire set of vulnerabilities. Vulnerabilities that we all get to respond to.
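An added illustration of the “really easy to prevent” aside (this is example code written for this post, not Matt’s demo and not anything from owasp.org or infotex): the same login lookup written two ways, once with the user’s input pasted into the SQL text and once with bound parameters. The users table, the passwords and the test input are all constructed for the example; it uses Python’s standard sqlite3 module and an in-memory database, so it runs offline.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny users table with one administrator row.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("admin", "hunter2-constructed", "administrator"),
            ("dan", "staycation-constructed", "reader"),
        ],
    )
    return conn


def login_vulnerable(conn, username, password):
    # The query is assembled by string concatenation, so whatever the user
    # types becomes part of the SQL itself. A quote character in the input
    # ends the string literal early and the rest is parsed as SQL.
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(sql).fetchone()


def login_parameterized(conn, username, password):
    # The fix: placeholders. The driver hands the values to the engine
    # separately from the query text, so input is only ever compared as
    # data and can never change the structure of the statement.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    # Constructed test input: a username containing a quote and an SQL
    # comment marker, submitted with a password that does not match anything.
    conn = make_db()
    crafted_username = "admin' --"
    return {
        # Concatenation version: the comment swallows the password check and
        # the administrator row comes back without a valid password.
        "vulnerable": login_vulnerable(conn, crafted_username, "wrong"),
        # Parameterized version: the odd username is just a string that does
        # not exist in the table, so nothing comes back.
        "parameterized": login_parameterized(conn, crafted_username, "wrong"),
        # Parameterized version still works for a genuine login.
        "legit": login_parameterized(conn, "admin", "hunter2-constructed"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

The point for a governance audience is that the prevention is a coding convention, not a product: every query that carries user-supplied values uses placeholders (or an ORM that does so underneath), and a code review or static scan that flags string-built SQL catches the exceptions.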
Thank you, Microsoft.
Original article by Dan Hadaway CRISC CISA CISM. Founder and Information Architect, infotex
“Dan’s New Leaf” – a fun blog to inspire thought in IT Governance.