In the recent past, Blizzard, Yahoo, and Linkedin have reported that they have been hacked in some way and that hackers have seen their users' passwords.
If you were a Yahoo mail user with their bank account details in an email in your inbox, and if your account had been hacked, you might be in trouble already (alright, maybe I am stretching it a bit). If you had your email address registered at Linkedin and if you had the same password for your Linkedin account and your email account, you are almost completely compromised.
What is surprising here is the amount of the users' data transmitted or stored by these websites, that is in plain text (for laymen, any one over hearing this would know everything). It is as surprising as a full ship with a hole in it.
It isn't easy to know which websites or applications store the passwords in plain-text. This Pidgin wiki gives an interesting idea that should be widely followed. When a user signs up for an account, just mention how (in) secure your storage is. Tell them how the password is stored, whether it is encrypted at their machine before sending it through to the server, if the channel of communication is secure and the possible ways in which their security can be breached.
The growth of the Internet seemed to be based on trust at first, but as it turns out, it was just because users are unaware.
It isn't easy to know which websites or applications store the passwords in plain-text. This Pidgin wiki gives an interesting idea that should be widely followed. When a user signs up for an account, just mention how (in) secure your storage is. Tell them how the password is stored, whether it is encrypted at their machine before sending it through to the server, if the channel of communication is secure and the possible ways in which their security can be breached.
The growth of the Internet seemed to be based on trust at first, but as it turns out, it was just because users are unaware.
We have to rethink how safe we are in the Internet. Each (wo)man for himself.
No comments:
Post a Comment