Friday, December 2, 2011

(Lack of) Computer Security

Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
~Clifford Stoll
If you use Google News, you can customize it to include specialized topics of interest. One of my news "extras" is Computer Security, and recently it was full of depressing news about serious security violations.

Medical Record Theft At Sutter Health
Information was stolen on more than 4 million patients of a major Northern California health care provider. What's unusual about this incident is that it involved not some clever hacker but a thief who broke a window with a rock and stole a PC containing patient records.
"Over the last two years, health care organizations have reported 364 incidents involving the loss or theft of information ranging from names and addresses to Social Security numbers and medical diagnoses on nearly 18 million patients – equivalent to the population of Florida."
Water utility hackers destroy pump, expert says
Hackers may have destroyed a pump used by a US water utility after gaining unauthorized access to the industrial control system. Many industrial control systems rely on passwords that are hard-coded and it looks like Russian hackers stole the password from the company that made the equipment. The hackers (after much experimenting) managed to burn out a water pump by rapidly turning it on and off. One expert noted, “These things are connected to the Internet in ways they shouldn't be.”

This is "a really big deal".

Hackers attack Norway's oil, gas and defence businesses
Industrial secrets and information about contract negotiations had been stolen from at least 10 firms, according to Norway's National Security Agency (NSM). Normally attacks like this would be kept secret, but the NSM wants the world to know about these very skillful hackers.
"The attackers won access to corporate networks using customised emails with viruses attached which did not trigger anti-malware detection systems. ...  the email messages had been sent to specific named individuals in the target firms and had been carefully crafted to look like they had come from legitimate sources."
Facebook admitted that hackers are breaking into hundreds of thousands of Facebook accounts every day.
"Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts."

Bottom Line

Hacking is not just nerdy teens having fun at your expense. There is money to be made selling identity information, and there are government-sponsored hackers (Russia, China) seeking weaknesses for cyber-warfare or corporate espionage.

Check out this article on the 25 worst passwords

Recent news is claiming that the utility pump was a false alarm. No proof that hackers destroyed it. Perhaps. But the risk is real, and it is only a matter of time before real damage is done by hackers.
