Employee with last name 'null'

This has got to be a practical joke. I can’t believe that the original poster is having such difficulty getting this string through the web tier!!


What's your weakest link?

I read this article today, thought it was quite funny.  Basically, a picture of a cute waitress got enough permissions to own a huge IT department in the federal government.

What’s YOUR weakest link?

Femme Fatale

According to the pen-test team’s fake social media profiles, Emily Williams, 28 years old, had 10 years of experience. They used a picture of a real woman, with her approval.

In fact, the real woman works as a waitress at a restaurant frequented by many of the targeted agency’s employees, Constantin reports.

Nonetheless, nobody recognized her.

Not only did the government employees not recognize their waitress, they flocked to the fake persona bearing her likeness.

Here’s how popular Emily Williams proved within just 24 hours of her birth:

  • She had 60 Facebook connections.
  • She garnered 55 LinkedIn connections with employees from the targeted organization and its contractors.
  • She had three job offers from other companies.

As time went on, Emily Williams received LinkedIn endorsements for skills, while male staffers at the agency offered to help her out with short-cuts around the normal channels set up for new hires that would net her a work laptop and network access (which the penetration testing team obtained but did not use).

Around Christmas, the pen-test team rigged Emily Williams’s profiles with a link to a site with a Christmas card.

Visitors were prompted to execute a signed Java applet that in turn launched an attack that enabled the team to use privilege escalation exploits and thereby gain administrative rights.

They also managed to sniff passwords, install other applications and steal sensitive documents, including information about state-sponsored attacks and country leaders.

Good grief.

But what about those 10 years of experience at the tender age of 28? Didn’t that sound any alarms?

Apparently not.

The bit about Emily Williams having 10 years of experience well might have been a tip of the hat to the inspiration for the ruse: namely, a fictional cyber threat analyst by the name of Robin Sage, crafted by Thomas Ryan, a US security specialist and white-hat hacker from New York, in 2009.

Like Emily Williams, Robin Sage was also set up to have 10 years of experience, though she was only 25 years old.

Ryan cooked up Robin Sage profiles on Facebook, LinkedIn, Twitter, etc., using them to contact nearly 300 people, most of whom were security specialists, military personnel, staff at intelligence agencies and defense contractors.

Despite the completely fake profile, which was populated with photos taken from an amateur pornography site, and despite the character’s name being taken from a US Army exercise, Sage was offered work at many companies, including Google and Lockheed Martin.

She was also asked out to dinner by her male friends, was invited to speak at a private-sector security conference in Miami, and was asked to review an important technical paper by a NASA researcher, the Washington Times reported.

For “her” part, Emily Williams managed to reach the very top of the government agency’s information security team.

But the attack started out low, targeting employees in sales and accounting, before hitting that high mark.

As the character’s social network grew, the attack team managed to target technical staff including security people and even executives.

Lakhani pointed out a few lessons from the experiment:

  • Attractive women can open locked doors in the male-dominated IT industry. A parallel test with a fake male social media profile resulted in no useful connections. A majority of those who offered to help Emily Williams were men. The gender disparity in social engineering has shown up in other situations, including, for example, the 2012 Capture the Flag social engineering contest at Defcon. Anecdotal evidence from the Defcon contest suggested that females might have more compunction than males about duping others, but they may be better at sniffing out a con.
  • People are trusting and want to help others. Unfortunately, low-level employees don’t always think that they could be targets for social engineering because they’re not important enough in the organization. They’re often unaware of how a simple action like friending somebody on Facebook, for example, could help attackers establish credibility.

How do you solve a problem like overly friendly, helpful employees?


6 terabyte hard drives ship

6TB helium-filled hard drives take flight, bump capacity 50%

Finding ways to use helium gas lets Western Digital decrease power use by 23%

November 4, 2013 06:12 AM ET

Computerworld – It took Western Digital’s HGST subsidiary more than a decade to develop a way to reliably seal helium gas inside of a hard drive. It was worth the wait.

HGST Monday announced that it’s now shipping a helium-filled, 3.5-in hard disk drive with 50% more capacity than the current industry leading 4TB drives. The new drive uses 23% less power and is 38% lighter than the 4TB drives.

Without changing the height, the new 6TB Ultrastar He6 enterprise-class hard drive crams seven disk platters into what was a five disk-platter, 4TB Ultrastar drive.

4TB v 6TB

A comparison between HGST’s 4TB Ultrastar drive and the new 6TB Ultrastar He6 enterprise-class hard drive

While HGST would not release specific pricing for the drives, as they will be sold to server and storage array manufacturers, the company did say the drives will “command a premium” based not just on capacity but on the lower total cost of ownership that the helium technology offers.

“I’d say helium is one of the major breakthroughs in the hard drive industry because you can only increase the platter areal density so much with today’s technology,” said Fang Zhang, an analyst at market researcher IHS.

While the Ultrastar He6’s 50% boost in capacity is impressive, what’s most notable is the power reduction, Zhang said, because the high-capacity drives will be used in large data centers and cloud infrastructures.

At one-seventh the density of air, helium produces less drag on the moving components of a drive – the spinning disk platters and actuator arms — which translates into less friction and lower operating temperatures.

The helium-drives run at four to five degrees cooler than today’s 7200rpm drives, HGST stated.

Sealing air out of the drive also keeps humidity and other contaminants from getting in.

Netflix, which uses HGST high-capacity hard drives in its data centers, said the increase in capacity and lower power-usage in the Ultrastar He6 hard drives will go a long ways toward optimizing their streaming video server infrastructure.

Serving up billions of hours of streaming video per quarter to over 40 million subscribers requires a constant effort to optimize server infrastructure, according to David Fullagar, director of Content Delivery Architecture at Netflix.

“As part of our efforts to optimize the delivery ecosystem for Netflix and our Internet Service Provider partners, we strive to build better and better streaming appliances. The high storage density and lower power usage of the Ultrastar He6 hard drives allow us to continue with that goal, and create a great customer experience,” Fullagar said.

HGST said it’s been working with key computer manufacturers, cloud and research groups, including HP, Huawei Unified Storage, Green Revolution Cooling, Code42, CERN as well as some of the world’s largest social media and search companies, to qualify the drive.

“Data is going to the moon. As we deploy solutions that are tens and hundreds of petabytes, anything you can do to increase density is a boon,” said Jimmy Daley, director of Smart Storage at Hewlett-Packard. “We are seeing about 2-watt lower power on random workloads compared to today’s 4TB. That’s about 20% [power reduction].”

Daley is currently testing more than a dozen of HGST’s He6 6TB drives in HP’s SL4500 servers, and expects hundreds of the drives to be in the servers by the end of the month.

The SL4500 servers hold up to 60 drives each. Previously, the SL4500 server, using 4TB drives, could hold a quarter of a petabyte, or 250TB of data; the box could potentially hold one-third of a petabyte, or about 333TB of data with the 6TB drives.

“To me, it is a clear indication of how important density is,” Daley said. “Density translates into reduction of footprint.”