BEST OF THE WEB: Why passwords should die
Wednesday, November 21, 2012/
You may recall a few months ago Wired reporter Mat Honan had his digital life ruined. A hacker gained access to his Amazon, iTunes and Google accounts, completely erasing them and shutting down access to any of his accounts.
At one point, Honan feared he wouldn’t be able to recover data on his laptop, which included some of the only photos he had of his children.
In a new piece at Wired, he reveals that since that day he’s been researching the world of cyber-security. And what he’s found may shock you – that world is entirely too easy to crack.
Imagine that I want to get into your email. Let’s say you’re on AOL. All I need to do is go to the website and supply your name plus maybe the city you were born in, info that’s easy to find in the age of Google. With that, AOL gives me a password reset, and I can log in as you.
First thing I do? Search for the word “bank” to figure out where you do your online banking. I go there and click on the Forgot Password? link. I get the password reset and log in to your account, which I control. Now I own your checking account as well as your email.
Honan says that over the past few months, he’s learned how to crack any account. With just a few minutes and some cash, he can find your banking details. Another few minutes and he has access to all your entertainment services.
The common fault in all of these instances? The password.
As Honan points out, passwords are an old technology, and they’re always being broken. Honan goes on to describe a rich history of the password, including handy do’s and don’ts. But ultimately, Honan’s contention is this: the password is dead. We need to replace it.
Eventually, it will be replaced by many types of authentication. Biometrics, for instance. Or two or three factor authentication.
Ultimately, Honan says, the future of cyber security will involve a balance between convenience and privacy.
The only way forward is real identity verification: to allow our movements and metrics to be tracked in all sorts of ways and to have those movements and metrics tied to our actual identity.
Buying – and selling – attention on the internet
Did you know that you could be sold, even as you’re reading this page?
At least, that’s the contention of a New York Times story that’s delved into the practice of buying and selling attention online. As it turns out, digital advertisers are taking part in real-time bidding to control what appears on your screen.
This bidding controls whether you see an advertisement for automobiles, furniture, or any other project.
A huge player at the centre of all this is the Rubicon Project, and apparently it’s beaten Google in a key metric – the reach of internet users in the United States touched by display ads sold through its own systems.
As The New York Times explains, this is just one company out of several that have developed automated ad sales systems for websites. But there’s some problems with this – namely that regulators are concerned the process is too invisible.
“As you profile more and more people, you’ll start to segregate people into ‘the people you can get money out of’ and ‘the people you can’t get money out of,’” says Dan Auerbach, a staff technologist at the Electronic Frontier Foundation, a digital civil rights group in San Francisco, who formerly worked in digital ad data-mining.
“That is one of the dangers we should be worried about.”
It’s certainly an interesting dilemma – and one worth reading up about.
The Syrian hacking brigade
Protests in Syria have been given a huge amount of coverage, but there’s a side to this story that isn’t being told. As Bloomberg points out, there’s another side to this being fought on Facebook pages and YouTube accounts.
The Syrian civil war has been fought online, with pro-government hackers penetrating opposition websites and even the computers of news organisations to spread misinformation.
The conflict highlights just how big the digital realm has become in the protest – and protests across the world.
The Syrian conflict illustrates the extent to which the very tools that rebels in the Middle East have employed to organize and sustain their movements are now being used against them. It provides a glimpse of the future of warfare, in which computer viruses and hacking techniques can be as critical to weakening the enemy as bombs and bullets.
Over the past three months, I made contact with and interviewed by phone and e-mail participants on both sides of the Syrian cyberwar. Their stories shed light on a largely hidden aspect of a conflict with no end in sight—and show how the Internet has become a weapon of war.
The fight involves computer technicians, doctors, and popular services like Facebook and YouTube. If you’re interested in what’s happening in the digital warfare space, you should read this piece – and get an accurate picture of exactly what’s going on.