If you read the kinds of news feeds and websites I do, you can’t help but have come away with the breathless, panicky sense that the cyber world is collapsing in on itself as the result of what has been, so far, three unrelated technical glitches involving United Airlines, the New York Stock Exchange, and the Wall Street Journal.
While it may yet prove that some or all of these were attacks and that those attacks may have somehow been linked, it’s important to remember that nearly all of the rest of the unimaginable amalgam we call the internet is still working just fine. Attempts to label the glitches that have occurred miss the point that, even with the most widespread attacks that have so far occurred, most of the internet kept right on as it always had.
That’s not to say we shouldn’t all be vigilant, because we should, or that we should accept the explanations the various victims have put out that these aren’t attacks, because half the time they don’t even know they’ve been attacked until someone else points out they have, but rather to say that attacks on the internet are more like two armies trying to play capture the flag in a dismal swamp than cyber-themed nuclear holocaust.
It may yet turn out these were attacks, and the attacks may yet get worse, but more than likely, even if they do, it won’t be the end of things, and if it turns out to be, there will be no doubt it is.
DLH
There are those who will see the latest LastPass hack as a vindication of their view that online password managers are a disaster waiting to happen. Frankly, despite some of the hyperbolic headlines, I believe the concept is still sound.
Here’s why:
First, it’s nearly impossible for any particular user to manage his internet presence without a password manager, simply because reusing usernames and passwords becomes all but inevitable if you’re generating them any other way than with a manager, and reuse of easily remembered passwords is a far greater vulnerability. LastPass has a good reputation for fixing its mistakes and continuing to work hard to safeguard user data, so, on balance, a service like LastPass is still the way to go.
Second, the way LastPass protects the most important asset we entrust to them–usernames and passwords to other sites–is still fundamentally sound. Even if hackers manage to break the encryption on any individual set of user data, that likely does not give them access to everyone’s data.
Third, like most reputable web services, LastPass allows for additional safeguards like multifactor authentication to help further increase security. Using LastPass at the highest security setting is still the safest bet compared with using the same username and password over and over.
Granted, the damage could still be more severe than LastPass currently knows, but my view right now is that it is not and the service is still safe. If it proves to be otherwise, we’ll have to dig into alternatives.
DLH
More than any other thing, what surprises me about the Sony hack is how unprepared anyone seemed to be for something like this to happen. To me, it seems like it was almost inevitable, yet Sony has taken down its network for days and does not seem to have any remedy for the problems that happened in the first place. Meanwhile, users whose information has been compromised seem to be as paralyzed as Sony itself.
Beneath all of this lies a simple fact: individual user data has value to criminals and, because of that value, is going to be pursued with diligence by criminals capable of exploiting it. Companies offering online services, especially ones that involve financial or private, personally identifiable information, must commit themselves to making the protection of that information their highest priority, even ahead of profit. Unless companies make security their priority, they won’t have to worry about profit.
Consumers, on the other hand, cannot simply sit back and expect companies to protect their information. Every individual who has that kind of information online must assume that it is going to be stolen and must do due diligence in protecting themselves from theft. If the consumers do not, then the damage done by such theft is as much their responsibility as it is that of the companies whose systems are compromised.
Finally, consumers, companies, credit providers, and banks alike must all work toward establishing more sophisticated ways of securing individual data. Simple firewall and encryption methods no longer suffice and need to be replaced with methods that more closely tie online data to its owners.
For the time being, there are simple steps anyone can take to ensure they are protecting themselves:
- Only use credit cards or proxy money services (like PayPal) online. Never, ever use your debit card (I know this from firsthand experience), and monitor your bank accounts regularly for unfamiliar transactions.
- Monitor credit card accounts for unfamiliar transactions and dispute such transactions through the credit card’s fraud protection service as soon as they appear.
- Monitor your credit using the free credit report service required under federal law. Be familiar with your outstanding credit and be vigilant for new credit lines you did not open.
- If you know your identity has been compromised, consider using a credit monitoring service and consider freezing your credit.
DLH