|By Shelly Palmer||
|January 5, 2014 03:01 AM EST||
If we learned anything this past year, it’s that information we store online is exceptionally vulnerable. Our metadata (the data that describes who we are and what we do) is in the hands of people who are about as successful at protecting it as 1850′s bankers were at protecting money in the Old West. Sure, the metal safe looked strong and secure, but a motived bank robber with a stick of dynamite had all the tools required. In just the past few weeks hackers have had their way with Target Stores, Snapchat and thousands of other “targets of opportunity” that you will never hear about.
How do they do it? Every way you can imagine (and a bunch of ways you can’t).
We can start with the government. It’s not strictly hacking; it’s more like manhandling, but… by now it should be abundantly clear that the NSA has access to everything that it wants to have access to. Everything on your iPhone, your Wi-Fi signal, laptops you bought online, your private cell phone conversations, your email address books… the list goes on and on and on. At this point, anything the NSA wants to know about you, it will know about you.
I’m not making a political statement, nor am I suggesting that there is anything right or wrong with the government having access to virtually everything it wants to have access to. That said, there are all kinds of additional security issues caused by systems that allow certain information to be tracked by some systems, but not by others. To say nothing of the psychological issues caused by the knowledge that when you are connected, your electronic trail is available. And, for all practical purposes, cannot ever be erased.
Add to this, malicious hackers who are interested in profiting from the sale of your information, interested in making a name for themselves or simply trying to make a point about something. There’s nothing anyone can do about this group of hackers or these types of hacks. They are a fact of life in the Information Age. However, there are a few things you can do to protect yourself in 2014.
Target’s Black Friday Breach
Over 40 million credit cards were compromised after a massive attack on Target during the weeks leading up to Christmas. There’s nothing much Target can do to help you at this point. Sure, its CEO is offering free credit monitoring, the company is on the hook for $3.6 billion in fines and banks are capping cash withdrawals after it was announced that yes, the breach compromised PIN numbers, too, even though Target initially said they were safe – they’re not safe and you’re on your own.
If you shopped at Target between the middle of November and the middle of December, there’s a good chance your card is compromised. If your bank hasn’t canceled your card already, strongly consider calling up your credit card company and canceling it yourself. Here’s a helpful guide as to what to do if your credit card is stolen. Basically: cancel your card, monitor your statements, create a fraud alert, and move on.
Target’s breach was both better and worse than most other hacks we saw in 2013. It was worse because its repercussions could be of a greater impact than having your Yahoo password stolen, for instance. Having someone gain access to your credit card info could max out your credit cards and destroy your credit score. But it’s better because every financial institution is aware of the breach, and most credit cards have fraud protection, ensuring you won’t be stuck paying for anything you didn’t actually buy.
Target’s breach was also an example of just how helpless we are. All you did was buy Christmas presents, or maybe just some groceries, and suddenly your life became far more complicated and annoying. And, this is just the beginning – expect this kind of thing to happen on a regular basis – truly, nothing can stop it.
Snapchat’s Phone Number Leak
It’s already known that even though Snapchat is designed to make it seem like your snaps (the photos you send your friends and family) disappear once you open them, anyone can actually save them without you even knowing. Forget a “Screenshot!” alert; you can sneak in through the back door of Snapchat and save anything and everything you receive. While it’s not a hack organized crime would bother with, it’s worth repeating that snaps and every other picture you ever take with a digital camera enter the body of knowledge of mankind and will be seen by everyone in the world. So, “Carlos Danger,” never take a picture of something you don’t want the world to see.
Back to bigger hacks. This past August, Gibson Security published a report that said the coding in Snapchat made it possible for anyone to find out a bunch of information about any account, including your username and phone number. Gibson published a new report about the same thing in December, which Snapchat addressed by saying that it wasn’t an issue. Well, it turns out that Snapchat was wrong and that it was, in fact, an issue. A website called snapchatDB posted SQL/CSV files that contain the username and associated phone number for a “vast majority” of the service’s users – over 4.6 million users, to be precise.
There’s not a lot of text-based private information on Snapchat – you don’t need to fill in too many fields to start texting selfies to your friends. But Snapchat’s user base is mostly teens and tweens, and Kevin Poulsen of Wired Magazine points out the biggest fallout from this leak: possible stalking. How’s that for your first tech life lesson? Don’t have fun with your friends or you might be harassed because bad men want to ruin your day!
What Can We Do?
The most important thing we can do is to remain vigilant. Keep track of everything, and if anything seems suspicious, act on it. Start getting a bunch of weird emails? Can’t log in to an account you should be able to? See some weird pending charges on your credit card statement? Take action!!! YOU are the best defense against the mean, awful, angry world of hacking.
If you suspect your accounts are compromised, change your passwords. Make them as secure as can be. Spending a few extra seconds typing in a password every once in a while is worth it to make your account more difficult to crack. Use the guidelines I laid out. It might seem like a hassle, but keeping unique passwords for every site you use (I know, you probably have accounts for dozens if not hundreds of sites) will keep all your other accounts secure. But it’s (arguably) better than the alternative: having one hacked site force you to change dozens of passwords at once.
If your credit card statement looks funky, call your bank immediately. Dispute any charges, then cancel your card. People can get your credit card information any number of ways; banks (usually) won’t hold that against you. Be proactive, rather than reactive, and make sure you’re protected.
Lastly, and most importantly, keep all of your credit card numbers and the associated contact information for canceling your cards in a place where you can quickly, securely get to them. Using a password wallet or other specialized software will make it much easier to go through the process. “Best practices” says to keep copies of this data in several different places (including on paper) and stored as safely as you store your household cash or jewelry. The goal is to be able to quickly contact every credit provider. That’s all you can do. The hacks we’re seeing now are being done by professionals who simply want to sell your information and defraud the financial institutions you patronize — they don’t care about you personally — it’s strictly business.
In IT, we sometimes coin terms for things before we know exactly what they are and how they’ll be used. The resulting terms may capture a common set of aspirations and goals – as “cloud” did broadly for on-demand, self-service, and flexible computing. But such a term can also lump together diverse and even competing practices, technologies, and priorities to the point where important distinctions are glossed over and lost.
Dec. 10, 2016 11:45 PM EST Reads: 1,795
"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 10, 2016 11:15 PM EST Reads: 1,218
All clouds are not equal. To succeed in a DevOps context, organizations should plan to develop/deploy apps across a choice of on-premise and public clouds simultaneously depending on the business needs. This is where the concept of the Lean Cloud comes in - resting on the idea that you often need to relocate your app modules over their life cycles for both innovation and operational efficiency in the cloud. In his session at @DevOpsSummit at19th Cloud Expo, Valentin (Val) Bercovici, CTO of Soli...
Dec. 10, 2016 10:15 PM EST Reads: 2,072
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 10, 2016 09:15 PM EST Reads: 1,354
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
Dec. 10, 2016 07:30 PM EST Reads: 1,820
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
Dec. 10, 2016 07:00 PM EST Reads: 4,156
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Dec. 10, 2016 06:45 PM EST Reads: 1,105
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
Dec. 10, 2016 06:30 PM EST Reads: 1,551
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2017 New York. The 20th Cloud Expo and 7th @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Internet to enable us all to im...
Dec. 10, 2016 06:30 PM EST Reads: 1,035
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Dec. 10, 2016 06:30 PM EST Reads: 1,972
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Dec. 10, 2016 06:15 PM EST Reads: 1,098
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Dec. 10, 2016 05:30 PM EST Reads: 1,012
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
Dec. 10, 2016 05:15 PM EST Reads: 2,384
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
Dec. 10, 2016 05:15 PM EST Reads: 1,427
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Dec. 10, 2016 04:30 PM EST Reads: 1,932