These stories tap into the very real and personal fear that we are being watched. None of us are safe. Everyone on the internet is out to get us in one way or another.
The media is very good at feeding this fear, reporting incidents that will shock and choosing to ignore others that don't have the intimidation factor. Did you know, for example, that your details are far more likely to be compromised by someone leaving a USB memory stick on a train than by a website being hacked?
The Privacy Rights Clearinghouse claims that 180,000,000 individual records (including names, addresses and credit card information relating to members of the public) were compromised in 2005, in breaches caused by the loss or improper disposal of paper records, portable devices and desktop PCs. In comparison, 631 records were compromised through hacking activity or malware during this same period.
In the past 2 months, we have heard how hackers have targeted LinkedIn, Yahoo Voices and Formspring, obtaining and posting millions of user passwords online. What seems to be glossed over, though, is the fact that many of the hackers have targeted these sites to show their owners how easy they are to breach. Several groups have claimed that their actions are meant as a 'wake up call' rather than a threat. Obviously, there are hackers who sell the details they obtain or use them for malicious reasons, such as emptying PayPal or online bank accounts, but many of them don't.
In reality, we are the biggest threat to our online security, because we don't choose strong enough passwords when we sign up for things. The ideal password should be 8 or more characters long, and should contain at least one number and one capital letter. Nearly every website that uses a password system tells us this or similar information, yet the 3 most popular passwords that were stolen from LinkedIn were "link," "1234" and "work." Hardly difficult to guess given the context of the site ("sex" and "dragon" were also popular, but we'll avoid those).
Of course, the more difficult your password is to guess, the more difficult it will be for someone to hack your account personally, but what happens when an entire website gets hacked, and not just your part of it? It's frustrating because, realistically, there's nothing you can do about it. If the owners of the website don't have a tight enough security system in place, chances are your details are going to be compromised.
Because of this, it could be argued that one benefit of hacking is that it makes websites tighten up their security. LinkedIn have now introduced further levels of password encryption to protect their users' data. Formspring disabled all accounts until the issue had been dealt with, and asked all members to change their passwords. Small changes, but they act as a major deterrent.
It is important not to over or underestimate the threat hackers pose. Yes, be as sensible online as possible, but don't live in fear. Choose complex passwords and be careful what you sign up for. If you're unsure, research. Knowledge is power, after all.
Top 5 Reasons to Check Website Security Why Ignoring IDS Could Lead to Substantial Damage for Businesses
0 comments:
Post a Comment