Just what were the hackers after in the recent attack against Google, Adobe and Intel? Source code, specifically, Software Configuration Managers, according to a Techworld article.
Software Configuration Managers are collaboration systems where employees from all over the world can work on new software products. Apparently, the security is not to tight on some of these systems:
“To illustrate this point, McAfee researchers took a look at a source code management system used by Google itself, software called Perforce. They found a number of problems. Perforce sends passwords across the network in unencrypted form, allows anonymous users to create new accounts, and runs with a higher-than-necessary level of privileges, giving hackers an extra way to exploit the system it’s running on.
“There’s not a lot of security in place and there’s not a lot of logging,” to protect source code within most companies, Kurtz said. “If that’s your crown jewels, you might want to think twice about how you’re protected.””
Read the full article at Techworld.