The recent web site attacks by popular hacker group <a href="http://twitter.com/#!/lulzsec">lulzsec</a> have shown two main things:
Firstly, it’s a jungle out there. The CIA, banks, governments, are all targets for an organised bunch of techies. Basically, whoever you bank with, if you are just covered by a password or two (PIN + password) then you are dangerously vulnerable. Vulnerable to brute-force hacking, vulnerable to phishing, or vulnerable to malware, which might track every key you type.
Secondly, security on the WWW sucks, in general. If banks, government agencies, and so on, can’t get it right, can you trust a friendly site like facebook to store your details properly? If you use the same password for your gmail account and for your facebook account, and a leak in facebook allows hackers to learn your password, then your gmail account is vulnerable. And, if you use that password for online banking (or paypal, or anything that *knows* your payment card details) then you are looking at a security hole.
Lulzsec have shown that it is so easy to penetrate any web site that they choose, that it’s almost pointless to attempt to prepare against malicious attack. I disagree, and think that there are many things that we can do to mitigate any vulnerability.
Once, I had a credit card for less than 24 hours before it was withdrawn by the issuer – a shame, as it had five or six zeroes in a row, which I think is cool. Turns out, a major CD retailer in the UK had been compromised and in that window I’d used my new card, which was not only useful to scrape the ice off my windscreen.
So, how to mitigate? Firstly, lie. Unless it’s a bank, if it asks your birthday, give your father’s, brother’s, favourite pop-star’s, whatever – but change the year to suit your demographic. If it wants your mother’s maiden name, give it your first pet’s name, as another example.
Be consistent, so you can do this with many web sites – but do not do this with *important* accounts, like online banking. They should all have unique passwords. Separate accounts into groups – change-your-life important ones, major inconvenience ones, and low convenience ones. Use a different password policy for each one . . .
As the online world evolves, it’s important that we early adopters are aware of the current problems. We all need to wear a black-hat at times, because we cannot trust the banks and merchants to do this for us. We should all insist on personal key-generation devices (my Luxembourg bank gave me one by default), for example. These, when powered on, give a passcode to be used to authenticate you to the web site.
We should all use an up-to-date browser and plugins, we should regularly test the systems that we trust our personal details with, and we should have the skill to work out where the intrusion in the train is, when things go wrong. These days, I reckon that less than 1% of visitors to this blog, and less than 0.01% of online personas would know how to do these things.
I am amazed at the difference in my browsing experience when in Luxembourg.
I am used to the same sidebar adverts on web sites when I am in the UK, even when I worked for an apparently paranoid USA company that funnelled everything through a US gateway – handily named ukgateway.company.com.
But here, Google results have different adverts, and web sites have different adverts too. This reminds me of this XKCD cartoon. I don’t often see adverts for chicks, but “cartoonifying” myself or touching up my photo (why should I touch up my photo when I have myself to hand???) are very common. What does that tell me about the Luxembourgish or Germans (I work for a German company)?
The adverts on TV are also a little different. I watch motorsport, and only German programmes are available in my apartment. I can say with some certainty that no ad-break goes past without an advert for men’s shampoo. Seriously. I don’t get it, it’s not like the average German male head looks any different to the average UK male head. (Whereas, the average Greek male head is balder than the other two.) I just don’t understand this – how did this market develop? Do German men look down on my hair (if they are tall enough) because it lacks the body and stiffness that their products provide?
(And, personally, I think that “shiny, happy people” refers to us men with excess testosterone causing male pattern blindness.)