Data, Data, Everywhere

When organizations like the White House and JP Morgan can not keep their data safe, how in the world are small businesses and individuals supposed to keep their information safe?

Computer Security has become a large field with many aspects.  There is an old saying in Computer Security; the absolutely secure computer is the completely unusable one.  The goal of the computer security specialist is to figure out a balance between usability and security.

An organization such as an international bank might have very tight security.  For example, to access the primary encryption key for a bank will probably involve a lot of physical security coupled with social security.  You might need two or more senior management to open a secure vault and retrieve their portion of a key.  All of this will be done on camera, with a team of technicians, management, and security.  Often these keys are stored within vaults within vaults.  Many contain man traps.  Oh, the poor techie who wakes up on the floor after being gassed because he didn't get the codes entered in proper sequence.

As a system becomes more secure, it becomes increasingly hard to use.

Obviously a system like this is very secure, and sounds like something out of a James Bond movie, but something as simple as generating a new SSL certificate can take weeks of planning and dozens of people.  Secure, but not very usable.

High value targets are banks, government, defense, infrastructure, e-commerce, etc.  But monetary gain isn't the only motive behind theft.  Some folks do it for the glory.  In some of the recent celebrity private photo thefts the cracker asked for donations but reportedly received very little Bitcoin.  The celebrity photo thefts employed mostly social hacking and is an example of what is likely to happen to most common users.

But what if someone destroys your family photos?  Some crackers have been known to break into your system and then hold your data hostage until you pay a ransom.   This is where Disaster Recovery can save the day.

For most of us what we really need is to keep our financials safe.  Sure, it can be embarrassing when someone breaks into our Facebook account, and even dangerous.  I know of more than one case where someone has had their Facebook account jacked and the cracker contacted their friends trying to get money.  There are a few things you can do to try and protect yourself.

First use strong passwords.  These are generally considered to be 8-12 characters in length and a mix of upper and lower case letters, with some numbers and punctuation symbols thrown in.  Passwords should never contain words that one might find in a dictionary.  While a password like ";3R[atOHnX1^" might be secure it is nearly impossible to memorize and hard to type in.  This is where password managers can come into play.  It is vitally important that your master password list be safe and secure.  If you lose it not only will all your accounts be compromised, but you might not even be able to access them!

Never use the same password across multiple accounts.  If a website is cracked and their password lists stolen, a cracker will often try the account credentials on multiple websites.

Use two factor authentication when it is available.  More and more providers are enabling two factor authentication.  Having a physical "key" that is required to access your accounts increases your security significantly.  But even two factor authentication can be cracked, remember the only completely secure computer is the completely unusable one.

With data everywhere these days, everyone needs to understand at least the basics of Computer Security as it applies to them.  I'm happy to help train, explain, and setup a system that works for you.

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.

Posted in Technical.

My hacking career began at age 12, when my father brought home a Sinclair ZX-81 computer kit and a lifelong fascination with computing was born. I became a privacy and security advocate after learning of the US Government's criminal investigation against Phil Zimmermann. Years later I found myself in Silicon Valley being paid to hack Phil's PGP code. I soon tired of the rat race and moved to the Northwoods of Minnesota where I have over 2 million acres of protected wilderness to roam. Here I indulge in my passions for wilderness and technology and as an advocate for computer security and privacy.

Leave a Reply

Your email address will not be published. Required fields are marked *