Saturday, June 9, 2012

Solutions against cyber-attacks

Various sites like LinkedIn, eHarmony and last.fm were under cyber-attacks from hackers, with the message written in the Russian language. What was the reason for this attack? I surely have my LinkedIn account, but then who takes the shit about it. Sure, my WordPress blog and my Box.net data can be seen there, so I may need better passwords for those two services as well as my LinkedIn account, and after this blog post my password-change plans will take effect.

The first issue is that companies need to do a better job of protecting our data, and especially our security credentials, not to mention the networking equipment, computers and other hardware that run their services, above all the servers that hold our stuff. The fact that LinkedIn did not salt its password hashes made cracking the passwords vastly easier for the hackers: without a salt, every user who chose the same password gets the same hash, and one precomputed table works against the whole dump. Had they salted the hashes from the start, the salt would have cost them almost nothing and would have gone a long way toward reducing the impact of the breach. In addition, there are various hardware and software tools, along with proper security and business plans, that help an organization detect and stop these types of attacks.
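To make the salting point concrete, here is an added example (not code from the original post, and nothing to do with LinkedIn's actual implementation). It builds a small constructed user table two ways: plain SHA-256 of the password, and PBKDF2-HMAC-SHA256 with a random 16-byte salt per user (the iteration count is an assumption). A defender can then check how many users share an identical stored hash: in the unsalted table, two users who picked the same password are visible at a glance and fall together to one cracked hash, while in the salted table every entry is unique and must be attacked individually.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

# Constructed sample users; alice and bob happen to pick the same password,
# which is exactly the situation a salt is meant to hide.
SAMPLE_USERS = {
    "alice": "password123",
    "bob": "password123",
    "carol": "correct horse battery staple",
}

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the same input always gives the same output."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """PBKDF2-HMAC-SHA256 with a per-user random salt; returns (salt, hex digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest.hex()


def verify_salted(password: str, salt: bytes, stored_hex: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt)
    return hmac.compare_digest(candidate, stored_hex)


def build_unsalted_table(users: Dict[str, str]) -> Dict[str, str]:
    """What a site stores when it forgets the salt."""
    return {user: unsalted_hash(pw) for user, pw in users.items()}


def build_salted_table(users: Dict[str, str]) -> Dict[str, Tuple[bytes, str]]:
    """What a site stores when each user gets a fresh random salt."""
    return {user: salted_hash(pw) for user, pw in users.items()}


def shared_hash_groups(hashes: Dict[str, str]) -> List[List[str]]:
    """Return groups of users whose stored hash is identical.

    For an unsalted table this reveals who shares a password and means one
    cracked hash (or one precomputed table) unlocks every user in the group.
    """
    by_hash: Dict[str, List[str]] = {}
    for user, h in hashes.items():
        by_hash.setdefault(h, []).append(user)
    return sorted(group for group in by_hash.values() if len(group) > 1)


if __name__ == "__main__":
    unsalted = build_unsalted_table(SAMPLE_USERS)
    salted = build_salted_table(SAMPLE_USERS)
    print("shared unsalted hashes:", shared_hash_groups(unsalted))
    print("shared salted hashes:  ",
          shared_hash_groups({u: h for u, (_, h) in salted.items()}))
    salt, stored = salted["alice"]
    print("alice, correct password:", verify_salted("password123", salt, stored))
    print("alice, wrong password:  ", verify_salted("password124", salt, stored))
```

The same check is useful on a real dump during incident response: a high count of duplicate hashes is a quick indicator that the table was stored without per-user salts.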

So things are not perfect: no system can be perfectly secure, breaches will happen and passwords will be leaked. But how can we protect our passwords and identities?

  1. One way is to have a central password safe that all sites rely on for authentication. This is something that Facebook is offering: you can log in to various websites with your Facebook account, such as Jolicloud, Myspace and Nico Nico Douga, to name a few. This has the benefit of letting you pick one ultra-secure password without the risk of forgetting it. It also means you can hopefully rely on the universal platform to store and secure your password properly, so that even if it is compromised the actual data cannot be read. The downside is that this single account now guards every site you use, so the central provider becomes a single point of failure, which makes it a poor idea overall.
  2. Another way is to use a token in your possession that constantly changes. Sites like eBay already provide this functionality, and it's a good way to help secure your identity. Unfortunately for me, I don't buy things online, as I'm nervous about doing that; besides, I don't even have a credit card for the eBay service, and it's not easy to buy things online if you have entered your personal information incorrectly. Even if someone steals your password, logging in is impossible without the token. This isn't a foolproof solution, as last year's attack on RSA proved, but it's another layer of protection and a step in the right direction. This may be better than the first way, but it doesn't scale: if you had to carry hundreds of tokens on your key chain to access the web, it would stop helping.
  3. Or the best solution may be to tie access information to your smartphone. Many people use smartphones, so instead of a token, sites can provide apps for your smartphone or send you an SMS message containing the password. For me, I do have my iPod Touch, but that's not the case. The downside is that more companies will have access to your phone number, and if you lose your smartphone you may end up letting anyone access both your data on the web and the device you have lost. Other than this, it may be a better solution than having poorly secured passwords that attackers can easily obtain.
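The "token that constantly changes" in options 2 and 3 is, in most products, a one-time password derived from a shared secret and either a counter (HOTP, RFC 4226) or the current 30-second time step (TOTP, RFC 6238). Below is an added example of the server side of that scheme, written for this post and not taken from eBay, RSA or any authenticator app. The secret is the RFC reference value so the codes can be checked against the published test vectors; in a real deployment each user gets a random secret at enrolment. The verifier accepts one step of clock drift either side and compares in constant time; it does not show the per-user "last accepted step" bookkeeping a production server would keep to block replay.

```python
import hashlib
import hmac
import time
from typing import Optional

# RFC 4226 / RFC 6238 reference secret (ASCII "12345678901234567890").
# Only used so the output can be checked against the RFC test vectors.
DEMO_SECRET = b"12345678901234567890"
PERIOD = 30   # seconds per time step (RFC 6238 default)
DIGITS = 6    # digits shown on the token


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of last byte
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None,
         period: int = PERIOD, digits: int = DIGITS) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time step."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at // period), digits)


def verify_totp(secret: bytes, code: str, at: Optional[float] = None,
                window: int = 1, period: int = PERIOD, digits: int = DIGITS) -> bool:
    """Accept the code for the current step or `window` steps either side.

    The window tolerates clock drift between phone and server. Each
    candidate is compared in constant time so timing does not leak which
    digits matched. A real server must also reject a step it has already
    accepted for this user, otherwise a captured code could be replayed.
    """
    if at is None:
        at = time.time()
    step = int(at // period)
    for candidate_step in range(step - window, step + window + 1):
        if hmac.compare_digest(hotp(secret, candidate_step, digits), code):
            return True
    return False


if __name__ == "__main__":
    now = time.time()
    code = totp(DEMO_SECRET, now)
    print("current code:", code)
    print("accepted now:         ", verify_totp(DEMO_SECRET, code, now))
    print("accepted 30 s later:  ", verify_totp(DEMO_SECRET, code, now + PERIOD))
    print("accepted 90 s later:  ", verify_totp(DEMO_SECRET, code, now + 3 * PERIOD))
```

Because the code depends on a secret that never leaves the phone or token and on the current time, a password stolen from a breached site is not enough on its own to log in, which is the property the post is after.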

But then, which method am I going to use for a higher level of security? This is not the first time we have seen such news; take last year's April PlayStation Network attack. What did that attack have to do with some governmental action? We SURELY NEED to be MORE SECURE, but how can we find such tools and solutions? You know, during my college days I learned certain modules like IT security, as well as certain IT Free Training videos on cyber-security topics, and nowadays there are more IT Free Training videos coming; best of all, the Windows 7 chapter list is complete this year! The downside, though, is that not all the chapters I learned from IT Free Training were submitted for my juniors to learn last year during my Industrial Attachment Program. At that time, the chapter list wasn't even complete yet. Furthermore, IT Free Training is busy with other Microsoft certification courses too, so I have even more to learn.

So eventually, let's get more secure than ever and keep on computing and gaming securely. Refer to my profile to check out my interests.