Two stories about the hacking of NASDAQ and the Japanese Parliament illustrate the danger of relying on others for IT security.\u00a0\n\tThere was nothing new or particularly innovative about the attack that compromised the network serving Japan\u2019s lower house of parliament. In July, an elected official opened an email attachment carrying a downloader. (Feel free to insert your own joke about politicians\u2019 intelligence here.) The infection then spread to computers used by three other officials, and the Trojan phoned home to a server based in China and downloaded other information-stealing malware. It also compromised the network's server, where the ID codes and passwords of all the members of the Lower House and their secretaries are stored.\n\tThe hacker likely used this information to access personal and professional confidential information. Considering we are just hearing about this now and the initial penetration was in July it is safe to assume the perpetrators got pretty much everything they might want.\u00a0 The only remedial action made public: Legislators have been advised to change their passwords. How about hitting them upside the head with sticks?\n\t(Read Forget new threats: It's the old-school attacks that keep getting you)\n\tMore troubling is the story of hackers who gained access to the NASDAQ computers and used them to get into the networks of a number of other companies.\n\tAccording to Reuters, \u00a0\u201cThe case is an example of a \u2018blended attack,\u2019 where elite hackers infiltrate one target to facilitate access to another. In March hackers stole digital security keys from EMC Corp's RSA Security division that they later used to breach the networks of defense contractor Lockheed Martin Corp.\u201d\n\tWhile none of NASDAQ\u2019s trading platforms were compromised in the attack, hackers were able to access a Web-based software program called Directors Desk, used by corporate boards to share documents and communicate with executives. This allowed them to access confidential information for scores of directors and companies.\n\tAs the case of the Japanese Parliament shows, there are few bigger threats to security than a user with a laptop. What is the most frustrating \u00a0is that these cases are so easily avoided. Most of the time the users are just ignoring the basic computer safety training they\u2019ve already been given. As they say in Texas, \u201cYou keep giving them books and giving them books and they keep chewing on the covers.\u201d\n\tWithout more information it is difficult to say what allowed the NASDAQ intrusion to take place. Was this a case of overly trusting someone else\u2019s security systems? We don\u2019t know and, given the nature of the information that was taken, we may never find out. While the primary responsibility for this breach lies with NASDAQ, it is likely that others made the mistake of placing too much trust in someone else\u2019s security.\n\tThere\u2019s an old saying in journalism that politicians should be assumed guilty until proven. That same is true for any system that can gain access to your network.