SITES DONT GIVE A DAMN ABOUT YOUR SECURITY


The sheer volume of reportage on hacking is overwhelming.   The sites being hit are the ones that you and I use every day.   Some provide useful information, some, valuable services and others perhaps just news or trivia.   We use them multiple times a day – sometimes without even being fully aware that we are,  like DropBox.   We use these sites  to store personal and business information, to connect us with potential clients, employers and employees, to help us choose insurance providers, to send us our groceries and some, to just play on.   Dropbox allows us to seamlessly log in by re-referencing a cookie they have planted on our computer to ‘verify’ our identity.   LinkedIn also uses the same technique when we log in.   

A user name and password. 

How secure is that ?   

Well,  not very,  given that both of these sites have been hacked and your and my personal information has been exposed to the dark hacking underworld.

And make no mistake the hacking world is - dark and very scary.   Read Misha Glenny’s Dark Market to find out just how dark and scary.  (DARK MARKET)   

Some of the hacks that have taken place over the last 12 months range from gaming applications (SONY HACK 100M IDENTITIES AT RISK );  to banking (CITIBANK) to security companies themselves (RSA)  to dating sites like (eHARMONY) to military suppliers (LOCKHEED MARTIN) to email marketing companies (EPSILON) not to mention the storage (DROPBOX) and social network (LINKEDIN) sites quoted above.   No one is immune.  

How does that make you feel?  You have entrusted your personal data to these sites.  What happened if yours was the email address that was stolen, that yours was the personally identifiable information that was used to create a new persona that was then used to buy a car or a house.   That was then found guilty of credit card fraud and that was then criminalised.    What if you had to then spend months or even years trying to clear your name?  What if your identity was used to buy child pornography and you were arrested and sent to jail wrongfully?    These things do happen and they have happened.  

You are at risk because the sites you use don’t take your security seriously. 

What have DropBox and LinkedIn done since being hacked?   DropBox now offer two factor authentication – as an option not mandatory.  LinkedIn have salted their passwords.   Wow.  !!!    All they are concerned about is the fact that the user experience should be untouched for fear of losing customers.    In other words they have thumbed their noses at you and said they will do the bare minimum and no more.   It is your problem.  

They don’t care and will continue to treat your personal data with flagrant disregard until they themselves suffer serious consequences like a hefty fine or threat of closure or licence revocation.   It seems that even negative publicity is not sufficient to make these companies do the right thing.   

But maybe if enough of their customers i.e. you, started making enough noise -  demanding that security be improved then perhaps they will start to listen.  The Arab Spring started with a single defiant cry that become a massive chorus.   Do you want to be part of that chorus or are you too fearful to push for change? 

Time to take the bull by the horns  and demand better security.  Take to the streets if need be.  We live in a time of dramatic change.  Embrace it. 


Comments

Post a Comment

Popular posts from this blog

The End of Passwords

Finally it seems … the penny has dropped.   Passwords are a poor substitute for real online security.   There is more and more ‘chatter’ about it.    Robin Henry writing in the Sunday Times on New Years Day talks of the end of ‘password hell’ invoking solutions in the pipeline from the Web Gods – Apple and Google.  The talk is of new biometric solutions such as facial and hand movement recognition.  Even IBM is talking this way.  ( http://www.forbes.com/sites/thestreet/2011/12/20/ibms-tech-predictions-for-the-next-5-years/ )  I agree with the notion that passwords are a dying breed but not that biometrics will become vogue.   They are fraught with problems of their own such as reliability, accuracy and the need for referencing of data-bases ( fail !) .    Why are passwords defunct?   Basically they are difficult to remember and they are easy to steal.    The solutions needed are those that require no cognitive load for the user ( the most unreliable participant in this enterprise
Read more

WIKILEAKS - the fuss?

Why all the fuss ? Why the ‘outrage’ at this ‘threat to national security’ ?   Are we really worried that nuclear war is going to break out because of these ‘dirty’ secrets getting out.  As if the North Koreans are going to up the ante any more than their mock charge of last week because of the abuse and scorn heaped upon them by US Diplomats.  ? !    Come on. To me the irony of this bluster is that it is (largely) from the right wing establishment in the US - calling it treason!     Any party that parades a half wit like Palin as a presidential hopeful hardly holds any moral high ground when it comes to protecting the USA.   Her appointment as the ‘leader of the free World’ will be enough to send any level headed American ( let alone any one of their Allies ) into a panicky tailspin at the thought of what she may stumble into ( by accident or design) . So how did these documents get out there?   Poor security.  Plain and simple.   If the US is so worried about this incident su
Read more

HSBC EMBRACES OLD TECHNOLOGY IN ITS BATTLE AGAINST HACKERS

 If you live in the UK and are somehow involved in the business world and exposed to media you could not help but have noticed the extensive advertising campaign that HSBC has been running on its new (sic) ‘security device’ for online banking - Secure Key.    ( I was tempted to refer to them as  ‘ large UK bank’  - but it is so obvious who it is – no point in pretending. ) A lot of money has been thrown at this campaign – I would guess millions.  ( http://www.youtube.com/watch?v=Jx0Z5CiQMIw )   Full page spreads in large circulation newspapers cost big bucks not to mention prime time TV slots.   So here you have the worlds largest retail bank splashing millions on advertising and even more on a ‘cool’ little device that looks like a mini-calculator  - but basically a technology that has been around for about a decade.   This will be rolled out to 4m retail customers worldwide at a reported cost of up to £50 per pop! ( http://www.bankingtech.com/bankingtech/article.do?articleid=200002
Read more