Sunday, June 1, 2003
Is Your Data Secure?
Posted by Ed Hansberry in "THOUGHT" @ 05:00 AM
I read an article today that just left me shaking my head. It was an article by Rob Pegoraro called "No Passport Out of Password Prison," and it talks about how Microsoft's Passport won't save us from the plethora of passwords we now have for various online sites. Keep in mind the last time I read one of his articles I wrote a mini book on it. Something about his stuff just throws me off of the deep end sometimes. :roll: Based on that previous article, it is pretty clear Rob uses a Palm, which is fine. Whatever works for you best. Hey, I use a Symbian 60 Nokia 3650 cell phone and love every minute of it.
So how does Rob keep his data secure? "The second is to store your passwords someplace where you can look them up. That's what I did: After forgetting my bank-card PIN -- one of the most embarrassing forms of forgetfulness possible in the modern world -- I typed those digits, along with every other password I could remember, into a text file and encrypted it with the Pretty Good Privacy program. That's worked well for me . . . except when I've had to go home to log in to a site."
Huh? Come on. Sure, that data is secure, but in a text file? Use eWallet or a comparable product. I have over 280 cards in my personal eWallet file and a whole bunch more in my work eWallet file. 8O I couldn't imagine that in a text file, and the eWallet file is portable. I also work with people that have half of this lesson correct. They keep all of their data with them on their PDA... in a Notes/Memo application. AAARRRGGGHHHH! You might as well keep passwords on post-it notes around your monitor or write your PIN number on your ATM card.
Then there was this article that talked about professional hackers that hacked to gain sensitive data from corporate systems so they could turn around and blackmail the company. How sophisticated are these hackers? Not very. They don't have to be. They steal from morons, which is much easier to do. That is what I would do.
"The Russian hackers referenced in the Post articles [see articles here, here and here] said that the first thing they always tried when breaking into a computer system was to use the default passwords, and that most of the time they worked. After that, they tried known and proven vulnerabilities within Windows, and that worked the rest of the time. More obscure attacks were rarely needed, mainly because so many companies yielded to their first two tactics so easily." Double AAAARRRRGGGGHHH!!!!
All people need to do is be sensible. Keep passwords secure and throw some numbers and symbols in them so dictionary attacks don't work, keep them with you in an encrypted format and stay up to date on security fixes. Did you know that two of the most widespread security issues on the internet (Code Red and Slammer) exploited bugs that Microsoft had patched no less than 6 months before the attacks began? Oh, and do you run Microsoft's SQL Server? Is your default password for the "sa" account still blank? Just go shoot yourself now. ;)
Personally, I keep my critical info in eWallet, encrypt the data with eWallet's 128-bit security, then lock that behind the Pocket PC's power-on security. Am I 100% safe? No, there is no such thing. However, the effort required to get at my data is too high for most thieves. Thieves are smarter than that. The guy behind me might just be a moron. :D Are you behind me?