Friday, June 3, 2011

Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs - FoxNews.com

This is a fantastic story, but I bet most would miss why this group (whoever it was) was able to post individuals’ passwords for all the world to see.

Apparently the bigger the company, the more relaxed they are about cyber security and about following the most basic of rules.

Had these companies followed “Security 101” procedures, they would have known to (at the very least) store passwords as a hash or in some other encrypted form, so that even if their database of user names and passwords is stolen, the passwords can’t be used, or at the very least can’t be posted online somewhere for the whole world to see.

I know in my little corner of the world where I help write software applications for these big companies I have to undergo security questionnaires (sometimes over 100 pages of questions) and audits where they actually try to hack my code. The sad thing is that they are companies the size of the ones in the Fox News story (link below).

If you are about to purchase software for business or pleasure, ask “Do you encrypt stored passwords?”

If you are a developer, don’t think for a second that the guys doing the networking and managing the firewall and intrusion detection are doing their jobs. Follow the basics, and step one is to store passwords only in their encrypted format.

Group Claims It Was 'Paid to Hack PBS,' Then Leaks a Million Sony User IDs - FoxNews.com
