
Lessons learnt from high profile security breaches

Dean Pemberton | Oct. 3, 2012
On Friday August 3 2012, Mat Honan, a reporter for Wired magazine, had his digital life erased after attackers were able to gain access to his Apple, Amazon, Gmail and Twitter accounts. Losing every photo from his daughter's life was serious enough, but the true shock came from how easy the process was. It all started with someone knowing Honan's personal domain name. From there, the escalation of steps was simple:

So what can people and organisations do to ensure that they are neither susceptible to, nor contributing to, this sort of attack?

Evaluate your password recovery procedures, both the automated ones and those that run through your customer support lines. Resetting a user's password should be hard, and issuing a reset should be the exception, not the rule: every reset path is a login path that bypasses the password entirely, so it deserves at least the scrutiny the login form gets.

Evaluate your administration trust chains. Make sure you are not protecting valuable assets with lower-security systems: an account is only as secure as the weakest account that can reset it, and in Honan's case a chain of such resets ran from one service to the next.

Evaluate the information you use for authentication. Examine how each piece of customer information is used, and ask who else holds it.

Are you using a credit card number as a means of authentication? A credit card number is for making purchases, not for authenticating a user, and the other organisations that hold it may not protect it as carefully as you do. Do you ask for someone's birthdate as a means of authentication?

Do you know how many people have their birthdate on their Facebook profile? It is not information that only that person knows, so presenting it proves nothing about who is asking.
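To make the recovery-procedure and "what counts as authentication" points concrete, here is an added example, not code from the article or from any of the companies it mentions, that places a knowledge-based reset beside a channel-based one. The weak flow accepts a birthdate and card digits, exactly the data the article says other parties also hold. The hardened flow issues a random, single-use, expiring token for out-of-band delivery, stores only its hash, rate-limits guesses and compares in constant time. The account name, profile fields, time-to-live, attempt limit and in-memory store are all assumptions made up for the example.

```python
"""Weak (knowledge-based) versus hardened (token-based) password recovery.

Added example; not from the article. Sample profile and limits are constructed.
"""
import hashlib
import hmac
import secrets
import time

# Constructed profile. Every field here is "semi-public": the birthdate is on
# social media, the card digits appear on receipts and other merchants' records.
PROFILE = {"mat": {"birthdate": "1975-01-01", "card_last4": "1234"}}


def weak_reset(username: str, birthdate: str, card_last4: str) -> bool:
    """Knowledge-based reset: anyone who has collected the profile data succeeds."""
    p = PROFILE.get(username)
    return p is not None and p["birthdate"] == birthdate and p["card_last4"] == card_last4


class ResetTokenService:
    """Channel-based reset: the token leaves via a verified channel, only its hash stays."""

    TTL_SECONDS = 15 * 60   # assumption: short window, the token is not a second password
    MAX_ATTEMPTS = 5        # assumption: guesses per issued token before it is burned

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # username -> {"hash", "expires", "attempts"}

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, username: str) -> str:
        """Create a 256-bit single-use token and return it for out-of-band delivery.

        Reissuing replaces any earlier token, so at most one is live per account.
        """
        token = secrets.token_urlsafe(32)
        self._pending[username] = {
            "hash": self._hash(token),
            "expires": self._clock() + self.TTL_SECONDS,
            "attempts": 0,
        }
        return token

    def redeem(self, username: str, token: str) -> str:
        """Return 'ok' if the token is valid, otherwise the reason it was refused."""
        rec = self._pending.get(username)
        if rec is None:
            return "no_pending_reset"
        if self._clock() > rec["expires"]:
            del self._pending[username]
            return "expired"
        rec["attempts"] += 1
        if rec["attempts"] > self.MAX_ATTEMPTS:
            del self._pending[username]      # burn the token; the user must request again
            return "too_many_attempts"
        # Constant-time comparison of the hashes closes the timing side channel.
        if not hmac.compare_digest(rec["hash"], self._hash(token)):
            return "invalid_token"
        del self._pending[username]          # single use: a redeemed token is dead
        return "ok"


if __name__ == "__main__":
    # An attacker holding the Facebook birthdate and a receipt's last four digits
    # walks straight through the weak flow.
    print("weak flow accepts public data:", weak_reset("mat", "1975-01-01", "1234"))
    svc = ResetTokenService()
    tok = svc.issue("mat")               # would be sent to the verified address
    print("guess:", svc.redeem("mat", "not-the-token"))
    print("real token:", svc.redeem("mat", tok))
    print("replay:", svc.redeem("mat", tok))
```

The support-desk version of this flow is the same design with a human in the loop: the agent triggers `issue`, never reads profile data back to the caller, and the caller proves control of the registered channel by redeeming the token.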

Above all, I hope that you learn from the experiences detailed here, so that I am not reading about you or your customers in the next attack report.

Pemberton is a technical policy analyst for InternetNZ
