13 comments

[ 3.4 ms ] story [ 44.8 ms ] thread
> The editorial staffer, who had “super-administrator” privileges on Forbes’ WordPress publishing platform...

facepalm

From that telling of the story, multiple people made grave mistakes in a relatively short time period.
Security and Wordpress seem to be disconnected.
This is an attack that could happen to any site, Wordpress is irrelevant here. I know people like to bash and blame Wordpress for security issues, but in this instance it was the person who received the email that is to blame for not being diligent and aware of such attacks.
No. I'm tired of people blaming the recipients of emails.

The blame lies on IT departments who won't implement email authentication systems that have existed for years.

There should be a big green bar at the top of emails from people I would be likely to trust.

In this case, the email WOULD HAVE HAD a big green bar at the top. It was an email from a legitimate contact at VICE media who's email account had been compromised... possibly via something like the Target database leak.
Skillfully phrased, you get nods from both camps ;)
The weakest link in software security is often people.
Everything is ultimately built for people. This is just an obscure phrasing of "bad HCI design".
How can they be so sure it was not The Albanian Cyber Self-Defence Humanitarian Task Force?
tl;dr: Someone got phished.

That is not cracking, which is also not hacking.