Even security companies make mistakes. It's just a little more embarrassing for them than the rest of the world.
ComputerWorld reports that FaceTime Communications applied some patches to their web server that reset defaults on some folders. This allowed the contact information for people who had downloaded whitepapers to be exposed on the net. I don't really blame FaceTime for this. It was an innocent mistake that anyone could make. What we need to do is learn from their mistake.
As I've mentioned before we are in the middle of rolling out a new Change Management system and our users HATE it. They like the old way of little or no accountability and having the freedom to do things their way. I don't know if FaceTime has a Change Control procedure in place or not but either way they do need to revise their test scripts. They need to expand what they test and also go back and check to ensure that unexpected changes don't happen. You can never be to careful when applying changes, especially to public facing systems.
Security's Everyman
Thursday, August 09, 2007
Egg on you FaceTime
Posted by Andy, ITGuy at 9:49 AM
Labels: Andy ITGuy, FaceTime, information security
Subscribe to:
Post Comments (Atom)
1 comment:
Nice headline, wish I'd thought of it...
I'm really hoping Chris Boyd (paperghost, vitalsecurity.org) is going to enlighten us on what's happened over at FaceTime soon. I've submitted the question to his postbag, and he's printed it on the site, so he *should* be answering at some point.
All the press I've read on this so far has been pretty reactionary and it's been more of a case of 'in your FaceTime'.
Aha, a headline I can use!
Post a Comment