I would not normally put this sort of post on my blog as it is more to do with outdoors, but sometimes i need to know a little more and there are far smarter people out there than i when it comes to IT and programming.
The recent cyber attacks on ABTA organisation had me thinking.
Now i guess ABTA have bought expensive anti attack software from a company which will defend its data in a certain way. So if someone has managed to hack into that software it then has access to 43,000 personal files. (TV news).
I got to thinking that if the software company provides "parcels of encrypted data" that can be given to individual customers when they decide to sign up with the organisation, the customer can then add data into specified blank areas which will then make that parcel a unique gateway.
So, if the main organisation is hacked then the amount of gateways opened would be minor in comparison to 43,000.
Does this make sense to anyone? Or am i being stupid.(You don't need to answer the last bit.)
Have no answer to that one Alan. However, all this cyber stuff is darned scary. As one who uses the computer a lot, all I can say is be darned careful, especially when checking e mails.
ReplyDeleteLike Dawn, I'm pretty much in the dark beyond taking - as Dawn suggests - reasonable precautions. If I'm doing anything like buying something online I try to get the transaction over, the history deleted and the browser closed as quickly as possible. All of which is a bit daft considering cyber attacks probably achieve their objective using processes lasting microseconds and then there's usually a sequence of confirming emails over which I have no control at all when it comes to security.
ReplyDeleteI use an iMac and it's much the same when it comes to virus protection: half of the 'experts' seem to think the more recent versions of OS X have adequate built-in safeguards and there's no need for antivirus software; the other half say that approach is complacent and would leave me vulnerable. For my own part, I have no idea.
Sorry, Alan; that didn't get us any further forward did it?
Dawn, Dave, I may have something I can post soon. Stay tuned. Thanks for commenting anyway, I was thinking I was alone in the world.
ReplyDeleteDave I too use Mac gear but I still use 3rd party protection.
From the details ABTA gave in their press release, it seems likely that their website was SQL-injected; meaning the attackers would have been able to extract data from the database with ease. If this was the case, the attackers would have exploited poorly coded web-pages and server configuration to get at the data i.e. all problems that are entirely down to the organisation running the servers.
ReplyDeleteAlthough the reports from ABTA say the data was encrypted, this is a non-issue. By now most of that data would have been decrypted. As computers have become more and more powerful year-on-year, passwords need to become longer and longer; and most have not!
My advice to all computer users is use a password manager application, which will allow very long completely random passwords that use very large characters sets (i.e. 90+ characters including at least all of uppercase, lowercase, numbers and symbols).
And never, ever, ever reuse passwords!
re: OS X. It can be secure, but the default configuration isn't. Anti-malware software is always recommended.
Hope that helps
Richard
PS I should add that I have no current or past involvement with the development of anti-malware or password management software.
Thanks Richard for the comment. The more info passed on the better. I have now posted Pt 2. I hope you find it interesting.
ReplyDeleteHi Alan,
ReplyDeleteI'm not sure what you mean by 'parcels of encrypted data' but encryption can't be used while databases are active. The reason for this is that say the database is ordered alphabtically - Alice, Bob, Carol, etc. If you encrypt these, they turn into random strings of characters and it is impractical to sort them. This may make operations such as sort and search impossible.
Encryption can protect, to some extent, stored data but weak encryption is quite easy to crack and strong encryption slows down the system quite a lot.
Hi Ian, I may be talking tosh here. But it can't be beyond the realms to reduce the damage caused by hacking into a system as ABTA for example.
DeleteMy parcels of encryption idea may not be the correct terminology but I thought that if each subscriber was sent a paragraph of data and it had blank spaces within it that the customer could fill in and make that a unique paragraph within the whole program which could only be accessed by someone sending that unique paragraph. I thought that this method would reduce the amount of data that a hacker could gain. I also have now done a pt 2 post which explains to me clearly.