Archived entries for security and safety

Damn, I Got Pwn’d!

It appears I fell victim to an SQL injection hack on this website.  From the looks of it, it either happened late last night or early this morning.  I actually only caught it as quickly as I did because my page was loading so slowly that I checked to see what the hang-up was and found it was attempting to connect to some weird ass site.  Looking that site up online, I found that many WordPress sites hosted by my provider had fallen victim.  An improperly patched version of SQL perhaps?  They have a notice on their site about it, though they don’t go into much detail; still, it’s pretty obvious it was something on their end.  Fortunately they gave very good instructions on how to quickly remove the attack.  Then I went through the tedious process of changing every password associated with my web host and this blog.  Nothing like 16-character, completely randomly generated passwords.  Password managers are a wonderful thing.

All seems to be right.  Looking through this page and back posts reveals that the malicious site in question is no longer linked anywhere.  Anyone can screw up, but if it happens again I might be looking around for a new web host.  For now, however, it seems no harm, no foul.
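The cleanup described above (finding where the injected reference lived, then confirming the malicious site is no longer linked anywhere) can be turned into a check that runs over a WordPress export or a database dump of post bodies. The following is an added example, not code from the original post, from WordPress, or from the hosting provider: it parses each post's HTML and flags any script, iframe, image or link that loads from a host outside an allowlist of hosts the blog legitimately uses. The allowlist, the `malicious.example` host and the sample post bodies are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute through which a page loads or links to a remote resource.
# Injected content in a compromised WordPress post usually arrives as one of these.
_REMOTE_ATTRS = {
    "script": "src", "iframe": "src", "img": "src", "embed": "src",
    "a": "href", "link": "href", "object": "data",
}


class _RefCollector(HTMLParser):
    """Collect (tag, url) for every tag that points at a resource."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        wanted = _REMOTE_ATTRS.get(tag)  # HTMLParser lower-cases tag names
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.refs.append((tag, value))


def external_references(html, allowed_hosts):
    """Return (tag, url) pairs in `html` whose host is not in `allowed_hosts`.

    Relative URLs and host-less schemes (mailto:, javascript:) have no host and
    are skipped; protocol-relative URLs (//host/path) resolve like absolute ones.
    """
    collector = _RefCollector()
    collector.feed(html)
    flagged = []
    for tag, url in collector.refs:
        host = urlparse(url.strip()).hostname
        if host is None:
            continue
        if host.lower() not in allowed_hosts:
            flagged.append((tag, url))
    return flagged


def scan_posts(posts, allowed_hosts):
    """Map post_id -> flagged references, only for posts that have any."""
    hits = {}
    for post_id, html in posts.items():
        flagged = external_references(html, allowed_hosts)
        if flagged:
            hits[post_id] = flagged
    return hits


# Hosts this blog legitimately references (assumed for the example).
ALLOWED_HOSTS = {"blog.example", "wordpress.org"}

# Constructed sample post bodies, not real content from the site.
SAMPLE_POSTS = {
    "clean": (
        '<p>See <a href="/2010/backup">my backup post</a> and '
        '<a href="http://wordpress.org/">WordPress</a>.</p>'
        '<img src="http://blog.example/wp-content/uploads/disk.png">'
    ),
    "injected-iframe": (
        "<p>Normal post text.</p>"
        '<iframe src="http://malicious.example/in.php" width=0 height=0></iframe>'
    ),
    "injected-script": (
        '<p>Another post.</p><script src="//malicious.example/c.js"></script>'
    ),
}


if __name__ == "__main__":
    for post_id, refs in scan_posts(SAMPLE_POSTS, ALLOWED_HOSTS).items():
        for tag, url in refs:
            print(f"{post_id}: <{tag}> -> {url}")
```

Because it works from an allowlist, the scan also reports every legitimate outbound link, so in practice the allowlist is seeded from the hosts already linked across the archive and only what remains is reviewed. Inline `<script>` bodies and `javascript:` URLs carry no host and are not caught by this check; those need a separate content rule.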


Network connections, the ticking time bomb.

I stumbled upon an interesting article comparing the safety of the internet to both a wild west frontier and a place ruled by the “laws of the jungle”.  The article details data that was collected about the number, frequency, and scale of attacks on major corporate and governmental networks.  The scary part isn’t that these attacks happen, but how successful they can be.  Each iteration of attack is more sophisticated than the last.  This goes beyond the mere script-kiddie attacks that have been common for quite a while.  The level of sophistication used shows an organization behind the attacks, and some sort of infrastructure.

The news has recently talked about these so-called “cyber attacks” by China on various governments and companies around the globe.  While these are the more publicized attacks, the majority of them appear to be coming from highly technical criminal enterprises.  The motive is the same as it always has been with these types of organizations: money.

Companies don’t want to talk about it when these things happen.  Even if they are successful in fending off would-be blackmailers or corporate data hijackers, they don’t want to report the attempts.  Fear of a decline in stock prices, giving off the appearance of being weak or vulnerable, or just the all too common veil of corporate secrecy are some of the reasons that these situations are never made public.

What’s even more frightening is that in this time of recession, companies are cutting their security budgets.  They are trying to make do with less.  Meanwhile those who would plunder them are increasing their resources and finding new ways to infiltrate protected networks.  When there are threats to someone’s physical well-being, the typical response isn’t to slash the number of security personnel protecting them, it’s to increase it.  Yet when it comes to data, the lifeblood of corporate America, this is exactly what they are doing – cutting back security in an attempt to save a couple of bucks.  It’s another striking example of short-sightedness that can end up costing companies more in the long run.

Protecting our networks against these threats is a monumental task.  The internet is a global entity; policing it is near impossible, as all governments work under their own set of laws, seldom working well with others.  Attempts at working together often lead to tangled, slow-moving bureaucracies.  Governments are not designed to be quick and responsive; the internet, however, is an ever-changing, rapidly evolving place, and it requires quickness of response.

There’s no clear-cut solution to this.  Just as with any other type of crime, there is no fool-proof system that can’t be cracked.  Education and ever-evolving security practices can minimize the risk.  Just as you shouldn’t walk through a bad part of town with a wallet stuffed with cash, corporate networks shouldn’t leave their data out in the wind, unprotected, where someone with a little technical aptitude can get at it.


Home backup strategy

Sure, I’d love to have a nice tape backup system where I could rotate tapes on a regular basis, keeping a set safely offsite somewhere – but for my home life it’s unrealistic in terms of both time and money.  Still, that doesn’t mean I can’t take some reasonable precautions to make sure that my data will be safe.  I use a multi-tiered home strategy that took just a little bit of time and effort to get up and running, but after that mostly attends to itself.

Continue reading…


Princess? Really?

Recently there was a massive password breach at the social media provider RockYou.  32 million passwords were exposed.  Of course the most alarming part of this is that when the passwords were analyzed, the following were the top ten most frequent passwords out of a dataset of 32 million passwords (really, I just can’t emphasize that size enough):

123456
12345
123456789
Password
iloveyou
princess
rockyou
1234567
12345678
abc123

These passwords illustrate one of the fundamental security problems faced today.  While there are exploits in code to be found, sometimes the best way to break into a place is to just waltz in through the front door.  Users often complain that remembering passwords is too difficult, and like to keep things as simple as possible.  It’s another example of people not taking their data seriously.  You don’t fully appreciate what your data is worth until someone you don’t want to have access to it manages to get hold of it.

People need to get into the habit of practicing better password security.  Even if you have a difficult password with letters, numbers, and special characters, writing it down on a Post-It note next to your computer is the same as buying a fancy high-tech lock for your front door but then leaving the key in it.  There are great password managers out there that encrypt your passwords with a single password.

But seriously, princess?
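A password filter that rejects entries like the ten above, and that also catches the lightly disguised variants people reach for when told their password is too common, looks like this. It is an added example, not code from the original post: the deny list is the top-ten list quoted above (a real deployment loads a breach-derived list of hundreds of thousands of entries), the normalization rules, the 12-character minimum and the 50-bit threshold are assumptions chosen for the example, and the generator at the end produces the kind of 16-character random password mentioned in the SQL injection post above.

```python
import math
import secrets
import string

# The ten most frequent RockYou passwords, as listed in the post above.
# A real deployment would load a much larger breach-derived list.
COMMON_PASSWORDS = {
    "123456", "12345", "123456789", "password", "iloveyou",
    "princess", "rockyou", "1234567", "12345678", "abc123",
}

# Undo the usual letter-for-symbol substitutions ("Pr1ncess", "P@ssw0rd").
_LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def is_common(password):
    """True if the password, or an obvious variant of it, is on the deny list.

    Checks the lower-cased password as typed, then with trailing digits and
    punctuation removed ("princess2010!" -> "princess"), then with leet
    substitutions undone ("pr1ncess" -> "princess").
    """
    lower = password.lower()
    stripped = lower.rstrip(string.digits + string.punctuation)
    candidates = {lower, stripped, stripped.translate(_LEET)}
    return any(c in COMMON_PASSWORDS for c in candidates)


def entropy_bits(password):
    """Upper-bound estimate: length * log2(size of the character classes used).

    This only says how hard a blind brute force would be; it says nothing
    about dictionary words, which is why the deny-list check comes first.
    """
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password, min_length=12, min_bits=50):
    """Return the reasons a password should be rejected; an empty list means accepted."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if is_common(password):
        reasons.append("matches a known-breached password (after normalization)")
    if entropy_bits(password) < min_bits:
        reasons.append(f"estimated entropy below {min_bits} bits")
    return reasons


def generate_password(length=16):
    """Random password from letters, digits and punctuation using the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ["princess", "Pr1ncess2010!", "P@ssw0rd!", generate_password()]:
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

The order of the checks matters: `Pr1ncess2010!` passes the length and entropy tests comfortably, and only the normalization step reveals that it is the sixth most common password with a year and a symbol stapled on. A password manager sidesteps the whole problem by storing the output of `generate_password`, which no user is expected to remember.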


Big Brother is Watching from Mountain View

People trust Google.  Or perhaps it isn’t trust; perhaps people are willing to set aside trust in order to obtain ease of use and convenience.  I’ll admit, I fall into that camp in regards to certain things.  I make use of GMail.  I use their calendaring to sync up my calendar between my different devices.  I’ve stayed away from Google Reader, but that has more to do with the fact that I really like the NewsFire™ app that I use on my MacBook.  Let’s face it, Google is everywhere, and even if you only casually use the internet, it’s likely that you make use of their services – even if only their search engine.  They make it easy by providing so many resources for free.  Well, they don’t cost the user any money, but they do have a price: information.

Continue reading…



Copyright © 2004–2010. All rights reserved.

RSS Feed. This blog is proudly powered by Wordpress and uses Modern Clix, a theme by Rodrigo Galindez.