There are methods that can be utilized to limit one's liability, but they're not solutions that the unaware are likely to implement. While it's possible to protect our devices with software, software can't always protect us from ourselves.
I give much credit for my own security knowledge (including, I think, the acronym TNO) to Steve Gibson, of GRC (Gibson Research Corporation)
. I've taken issue with him occasionally, but he's an obvious genius that earns respect with brainpower, as opposed to those who get noticed because of unsubstantiated belief, hyperbole, inaccurate assumption, and other fool types.
The need for password security is platform agnostic. It matters not that you're using a computer, Android phone or iPad to connect with a bank or other repository holding your personal information, it all goes in, gets stored and comes back out the same way.
The internet is neither good nor evil, it accelerates truth and myth, creates convenience and endangers security. It wasn't even a generation ago that evil was mostly benign, or so we thought. There seemed to be no end of pranksters writing scripts that would erase hard drives or send a user into pornland. Over the years I've been hired to disinfect computers actually captured by porn, rather than the user being forced to view porn, that is, these users were infected for greater purposes by visiting porn sites in the first place, and for the bad guys it was like shooting naked ducks in a puddle.
For the same reason that Willy Sutton robbed banks
, the modern incarnation of internet theft thrives. No longer a loose aggregate of bored children and miscreants, think instead of big business with water fountains, pensions, campuses of Chinese brains, Israeli information farmers, think every wired nation in the world. Many are the best and brightest, some educated in the US but really stupid immigration policy insists they be removed from our soil, even after we imbue them with the best education money can buy. Modern Willy Suttons rob our institutions, businesses and, inevitably, our trust. What happens when trust is gone? Will we stash cash under the pillow? Will our pillow cash be any more than padding if this fragile, incredibly complicated system really breaks?
If you've been following the news you know about Stuxnet and Flame, big business (aka government) sponsored malware creations that were beyond clever. Flame, for instance, apparently eluded full detection since it's introduction in 2008. A few pieces of it were noticed by reputable security firms, but ignored. We now know that Flame developers exploited a Microsoft Windows
vulnerability exclusively, and might have run forever if not for programmer carelessness. Steve Gibson
points out that the mere existence of Flame confirms much of the middle east government, probably terrorist networks and most individuals in those countries are using our US born Windows operating systems. Very multinational of us.
Of course this brings up a philosophical argument: Assuming the United States government is only interested in protecting its citizens and wouldn't think about using sophisticated tactics against innocent citizenry, should we be concerned? Even if we think that the government should stay out of our computers, tablets and intentions, do we have a choice?
No. We have no choice, that genie is way out of the bottle. Our connected toys, used by governments and business everywhere, were designed from first principle to dazzle with marvelous electronic spectacle, not for security. We not only embrace and trust our machines, we depend on them, hook, line and sinker.
Think about a world without the internet: No banking, trade, communication, Skype, currency, telephones, cell phones, pumping gas, generating electricity, iAnything. Our world will grind to a halt the day bad guys gain full control of this simple, elegant-if-innocent system that was rolled out in 1971, and they become more sophisticated every day. Bad guys are no longer content to erase your hard drive or send you to pornland, instead they make devices just safe enough (apparently) to keep a user engaged. They're not interested in being discovered, they're interested in financial gain. A pickpocket won't be successful if they can't lift your wallet undetected.
Just last week passwords and logins were hacked from Linkedin, eHarmony and Last.fm. These are sites that we trust to keep our passwords safe, and I wonder why they didn't really protect my stuff, or their own. In the last year you can add the US power grid (including nuclear), Northrop Grumman, Lockheed Martin, Citibank, gMail, Facebook and many others. Military secrets to Facebook logins, it's a really big spread.
So, if our passwords are so easily hacked, can we protect ourselves? You bet.
Next up: More about Passwords...
Feel free to offer topic suggestions. Commenting on the blog would be great, let’s get some discussions going. Or, if you don’t want to comment and have a topic suggestion, please email:firstname.lastname@example.org