Tuesday, June 18, 2013
Why Security Isn't Secure
I read an interesting article in Wired the other day called "Kill the Password: Why a String of Characters Can't Protect Us Anymore". It was terrifying. I feel like I just can't trust anyone anymore. In it, author Mat Honan talked about how in a matter of days, his entire life was erased by a hacker that got access to his Twitter, Gmail, Facebook and more. He also posted a really terrifying chat transcript with Applecare where in under 20 lines, he got the Applecare representative to give him access to have a new password and changed the password.
His basic argument is pretty easy actually-- terrifyingly so. Start with basic information about someone, plug that into any one of many shady sites where I can acquire social security numbers for next to no money, combine that with publicly known information (address, phone number, first car, hometown, high school mascot) and you're pretty much in. If someone uses the same password for multiple platforms, your job is done! If not, you can definitely use a hacked gmail account to change passwords/gain access to other applications just by clicking "forgot password". Terrifying.
The one thing that this made me realize is how tenuous our relationship with "security" is, and actually, why we still think that we're so secure. Do we really think that those 6-8 alphanumeric characters are really going to keep our bank accounts safe? Especially in light of all the information that we're freely publishing on Facebook and Twitter? Maybe those Luddites had it right when they decided not to get involved in that hullabaloo altogether. Also, do I care if someone hacks into my Facebook (apparently someone hacked into his social media accounts and started posting hate speech) if it's obviously not me? (I'm a lover, not a fighter.) Also, why do people do this? (The answer is that they're kids pretty much who are doing it, and they're doing it because...well, why not?) More terrifying.
Excuse me while I go change every single application that I own.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment