By Shelly Palmer
January 5, 2014 03:01 AM EST
If we learned anything this past year, it’s that information we store online is exceptionally vulnerable. Our metadata (the data that describes who we are and what we do) is in the hands of people who are about as successful at protecting it as 1850s bankers were at protecting money in the Old West. Sure, the metal safe looked strong and secure, but a motivated bank robber with a stick of dynamite had all the tools required. In just the past few weeks hackers have had their way with Target Stores, Snapchat and thousands of other “targets of opportunity” that you will never hear about.
How do they do it? Every way you can imagine (and a bunch of ways you can’t).
We can start with the government. It’s not strictly hacking; it’s more like manhandling, but… by now it should be abundantly clear that the NSA has access to everything that it wants to have access to. Everything on your iPhone, your Wi-Fi signal, laptops you bought online, your private cell phone conversations, your email address books… the list goes on and on and on. At this point, anything the NSA wants to know about you, it will know about you.
I’m not making a political statement, nor am I suggesting that there is anything right or wrong with the government having access to virtually everything it wants to have access to. That said, there are all kinds of additional security issues caused by systems that allow certain information to be tracked by some systems, but not by others. To say nothing of the psychological issues caused by the knowledge that when you are connected, your electronic trail is available. And, for all practical purposes, cannot ever be erased.
Add to this, malicious hackers who are interested in profiting from the sale of your information, interested in making a name for themselves or simply trying to make a point about something. There’s nothing anyone can do about this group of hackers or these types of hacks. They are a fact of life in the Information Age. However, there are a few things you can do to protect yourself in 2014.
Target’s Black Friday Breach
Over 40 million credit cards were compromised after a massive attack on Target during the weeks leading up to Christmas. There’s nothing much Target can do to help you at this point. Sure, its CEO is offering free credit monitoring, the company is on the hook for $3.6 billion in fines and banks are capping cash withdrawals after it was announced that yes, the breach compromised PIN numbers, too, even though Target initially said they were safe – they’re not safe and you’re on your own.
If you shopped at Target between the middle of November and the middle of December, there’s a good chance your card is compromised. If your bank hasn’t canceled your card already, strongly consider calling up your credit card company and canceling it yourself. Here’s a helpful guide as to what to do if your credit card is stolen. Basically: cancel your card, monitor your statements, create a fraud alert, and move on.
Target’s breach was both better and worse than most other hacks we saw in 2013. It was worse because its repercussions could have a greater impact than having your Yahoo password stolen, for instance. Someone who gains access to your credit card info could max out your credit cards and destroy your credit score. But it’s better because every financial institution is aware of the breach, and most credit cards have fraud protection, ensuring you won’t be stuck paying for anything you didn’t actually buy.
Target’s breach was also an example of just how helpless we are. All you did was buy Christmas presents, or maybe just some groceries, and suddenly your life became far more complicated and annoying. And, this is just the beginning – expect this kind of thing to happen on a regular basis – truly, nothing can stop it.
Snapchat’s Phone Number Leak
It’s already known that even though Snapchat is designed to make it seem like your snaps (the photos you send your friends and family) disappear once you open them, anyone can actually save them without you even knowing. Forget a “Screenshot!” alert; you can sneak in through the back door of Snapchat and save anything and everything you receive. While it’s not a hack organized crime would bother with, it’s worth repeating that snaps and every other picture you ever take with a digital camera enter the body of knowledge of mankind and will be seen by everyone in the world. So, “Carlos Danger,” never take a picture of something you don’t want the world to see.
Back to bigger hacks. This past August, Gibson Security published a report that said the coding in Snapchat made it possible for anyone to find out a bunch of information about any account, including your username and phone number. Gibson published a new report about the same thing in December, which Snapchat addressed by saying that it wasn’t an issue. Well, it turns out that Snapchat was wrong and that it was, in fact, an issue. A website called snapchatDB posted SQL/CSV files that contain the username and associated phone number for a “vast majority” of the service’s users – over 4.6 million users, to be precise.
There’s not a lot of text-based private information on Snapchat – you don’t need to fill in too many fields to start texting selfies to your friends. But Snapchat’s user base is mostly teens and tweens, and Kevin Poulsen of Wired Magazine points out the biggest fallout from this leak: possible stalking. How’s that for your first tech life lesson? Don’t have fun with your friends or you might be harassed because bad men want to ruin your day!
What Can We Do?
The most important thing we can do is to remain vigilant. Keep track of everything, and if anything seems suspicious, act on it. Start getting a bunch of weird emails? Can’t log in to an account you should be able to? See some weird pending charges on your credit card statement? Take action!!! YOU are the best defense against the mean, awful, angry world of hacking.
If you suspect your accounts are compromised, change your passwords. Make them as secure as can be. Spending a few extra seconds typing in a password every once in a while is worth it to make your account more difficult to crack. Use the guidelines I laid out. It might seem like a hassle, but keeping unique passwords for every site you use (I know, you probably have accounts for dozens if not hundreds of sites) will keep all your other accounts secure. But it’s (arguably) better than the alternative: having one hacked site force you to change dozens of passwords at once.
If your credit card statement looks funky, call your bank immediately. Dispute any charges, then cancel your card. People can get your credit card information any number of ways; banks (usually) won’t hold that against you. Be proactive, rather than reactive, and make sure you’re protected.
Lastly, and most importantly, keep all of your credit card numbers and the associated contact information for canceling your cards in a place where you can quickly, securely get to them. Using a password wallet or other specialized software will make it much easier to go through the process. “Best practices” says to keep copies of this data in several different places (including on paper) and stored as safely as you store your household cash or jewelry. The goal is to be able to quickly contact every credit provider. That’s all you can do. The hacks we’re seeing now are being done by professionals who simply want to sell your information and defraud the financial institutions you patronize — they don’t care about you personally — it’s strictly business.