Entry Point of JPMorgan Data Breach Is Identified
dealbook.nytimes.comThe most advanced, at least in terms of haptic based cryptography, is owned by Bank of America in the US. When reading through the USPTO, I didn't see anything revolutionary owned by JPMorgan.
To me the awesome news here is that while the leak happened, it's accountable 100%. That's very swift closure compared to many, many other data breaches of the past.
"Big corporations like JPMorgan spend millions — $250 million in the bank’s case — on computer security every year to guard against increasingly sophisticated attacks like the one on Sony Pictures."
Yes, sophisticated attacks like finding a passwords.txt file.
One server without two factor got them owned? Makes you wonder what else was going on. Did they have ssh keys or something that got them further into the network?
That just got them onto a box within the network. That's the biggest hurdle. Once you're inside, you could start poking around for weaknesses and exploit whatever you find.
Usually access to banks networks are guarded with an RSA fob + password. It's unclear from the article if JP use that system or not.
It's actually mentioned in the 4th paragraph that they do use a 2FA system.
"Two people briefed on the matter said that an N.S.A. special team will sometimes work with a corporate victim of hackers to ensure that no trap doors remain."
Well, no NSA backdoors, at least.
I think you mean "no non-NSA backdoors, at least."
Oops, of course, yes that's what I meant.