Here is a well written article describing a recent security breach at a high-profile security firm. This article describes in easy-to-understand language the various faults–both technological and human–that came together to allow this breach to take place. There are several valuable lessons we can all learn from this incident. Two of them should be to never assume someone’s identity is valid over the Internet, and never send a password via e-mail. See if you can find some of the others.
Let me know what you think.