by nathanb 3837 days ago
I work for a company which makes network devices. We've detected many hostile intrusions in our network. If you make hardware or software that runs in enterprise datacenters, someone is surely going to be trying to steal your source code to find exploits and possibly put backdoors in.

We use multi-factor authentication just to get in the corporate network and a separate, airlocked engineering network to store our IP. From what I've heard talking to my colleagues at other major device manufacturers, this is becoming the industry standard (seven years ago I scoffed at Ericsson's paranoia for having a sequestered engineering network. Turns out they just saw the attacks earlier than we did).

In our case, doesn't seem to be the NSA. Looks more like China. Could easily be either one, or yet another party. This is the world we live in.

2 comments

When I set up the Stock Options system at Netscape (as the Desktop Support guy) back in 1997, it consisted of two computers, connected to each other via a switch, in a Locked room, with a wall all the way to the ceiling to reduce false-ceiling access, with that room also located inside the Secure Legal Office Space. Systems were backed up daily by the users, using encrypted backups to Zip Drives.

It's interesting how when you don't know what the hell you are doing, you sometimes do something reasonably secure by pure happenstance. (Also, I had probably read too much Bruce Schneier when I was a teenager.)

What exactly did the Stock Options system do? Was it the registry of options? Did the accounting department have such a secure setup?

I'm not 100% familiar with what precisely they were tracking. The software was called "Equity Edge", and it involved employee stock options. I do recall contacting their support organization when I realized the data files they were storing on the hard drives didn't seem to be encrypted (the systems were Windows 95). Netscape had two employees whose sole job seemed to be the care and feeding (and data integrity) of this system.

Data was sent to the Accounting Department (and other Lawyers) on Printouts.

I was doing this for a fintech company in 2002, and was scoffed at by just about everyone. These things have been going on since the world became connected (somewhere in 1992 or so), and have been getting prevalent and intricate - but they are not new.