An attack on the South Carolina Department of Revenue exposed 3.6 million social security numbers, and about 387,000 credit and debit card numbers of South Carolina residents. Data breaches like this are so common, they are barely newsworthy… and we certainly try not to cover every single data breach event on this blog. However, today’s followup to the story is what made it interesting. Governor Nikki Haley went on the record in a press conference trying to defend their lack of good practices. I’ve embedded the video below and hopefully it will start at the good part, 12:43 into the video: This is a really good example of sending the wrong kind of message. I understand her desire to defend[…]

Yesterday, this story on Wired was making the rounds: How a Google Headhunter’s E-mail Unraveled a Massive Net Security Hole. Sure, the title is probably hyperbole, but it is an interesting story. At a high level, mathematician Zach Harris noticed that emails from Google – and from several other prominent domains including eBay, PayPal, Yahoo, Amazon, etc. – could be spoofed. Anyone who has ever run telnet to port 25 and sent an email from santaclaus@northpole.net or billgates@microsoft.com knows that email has always been pretty easy to spoof. Given the rise in unsolicited emails also known as spam, something had to be done. In 2006, a working group was founded to try and create a standard that would make email harder to[…]

Data leaks in very interesting ways. The other night I was watching one of the political conventions, and the camera crew of the station I was watching loved to cut away from the speaker to catch glimpses of the crowd reactions. When I saw this image, I thanked %deity% for my TiVo, paused, and rewound a bit. Then, I took a picture of the TV with my cellphone. Sure enough, this woman – Edith Byrd – is proudly showing the camera her Medicare card. And, the broadcaster is sending out a full 1080p high definition signal, meaning that I could read every detail of the woman’s card. (It’s far more readable on my TV than in this picture.) I see[…]

It’s a little embarrassing to admit, but it seems that the mistakes of one globally syndicated columnist have led to a rapid increase in the acceptance and use of two-factor authentication technologies for authentication. Within the last week, I have set up both my Dropbox account and this very blog with two-factor authentication. Mat Honan’s sordid tale did a lot to raise awareness of how passwords are imperfect as an authentication mechanism, as have the many password breaches that have occurred over the years. Most interesting, though, is how Google created and freely released Google Authenticator as an open source application and how quickly organizations have begun to embrace it. While I’ve traditionally been a PKI guy (I know,[…]

Since every time I posted my previous article people were asking questions, I wrote up the following as a Facebook comment and figured it deserved repeat posting here. Note that there’s an article in our archives which is similar but not as specific as this one. Get ready for your cryptography lesson. A hash is a one-way function. This means that given some input, it creates some seemingly random output. It is one-way in that you can’t do math on the output to get back to the input. So, “abc” -> (hash function) -> A9993E364706816ABA3E25717850C26C9CD0D89D and there’s no way to get “abc” back from that nasty string. UNLESS you have taken the time to generate what’s called a rainbow table. Hackers[…]

You might have heard that LinkedIn had its password database breached, and news of it is trickling out today. There are a number of write-ups about it in most of the usual places, and Martin McKeay has a post with links to some of the better ones. The reason I’m writing about this is not to alert you, or that I’m annoyed I have to change another password. Two things really bother me about this. The first is the eerie similarity between this event and the Gawker password breach I wrote about almost exactly eighteen months ago. Both of these events made news because they were leaks of unsalted password hashes. And, although I didn’t write it in my blog post that day, two[…]