Friday, July 15, 2005

Internet Security

Over the past month or two I have noticed a number of questionable security practices by different companies. On local news, I frequently hear how hackers are responsible for much of the information theft on the Internet. I think the problem has more to do with poor security policies by organizations. About a month ago on Off the Hook, Emmanuel Goldstein was talking about how Citibank lost a backup tape containing millions of customers' information. The tape was shipped by UPS and lost somehow. The credit card company failed to even encrypt the information that was contained on the tape. In the latest Wired magazine there is also a picture showing a number of lost records by corporations, and about half of them were caused by a careless organization.

On the net, to achieve security one usually has to go through a lot of effort. One thing I don't understand is that when I want to get my email through a web mail account, I usually have to click that I want a secure transaction. If I forget to do so, my password and message will be transferred as clear text. Sites should bring the user to the secure sign-in in the first place. Most users I see never use this option and log on through an insecure method.

A few months ago I switched my ISP to Comcast. When getting the account I was given an email through Comcast. I was given a default password, which I attempted to change to a stronger password. I tried to change the password a few times, and each time I tried to change it I would get an error message. The problem I was having was that I could only use letters and numbers, and I was attempting to use other characters in my password. I really don't understand why Comcast users are restricted to only letters and numbers. Almost any literature concerning choosing a good password says that other characters besides letters and numbers should be used. I tried to address this problem by sending Comcast technical support an email, asking them about their password policy. The answer I received was that the person wasn't in any position to answer that type of question and would pass my concern along. I never did hear back from anyone at Comcast.

Last week I had to change some of the DNS information for my web site. In the process of getting everything sorted out, the people at the web hosting company had to verify my identity. I was given the option of giving them my credit card number or password for verification. That made me wonder why the hosting company would even have the password. The company could store a secure hash of the customer's password and validate the password that way, instead of storing every customer's password as clear text. If someone was able to get access to the database containing the user information, they would be able to access all the accounts on all the servers of the company. I asked the technical support person why the passwords aren't stored as a hash. I think he basically didn't like the question, and he said that he isn't in charge of making the policy.
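The hash-based validation described above, as an added example that is not part of the original post: the stored row holds only a per-account salt and a derived hash, and a password containing symbols is handled like any other. PBKDF2-HMAC-SHA256, the iteration count and the names `make_record` and `verify` are choices made for this illustration, not anything the companies mentioned use.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example (not from the post).
ITERATIONS = 600_000
SALT_BYTES = 16


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 works on bytes, so symbols and non-ASCII characters need no special handling.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build the row the account database keeps: salt and derived hash, never the password."""
    salt = os.urandom(SALT_BYTES)  # fresh per account, so equal passwords give different rows
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive the hash from the candidate password and compare in constant time."""
    expected = bytes.fromhex(record["hash"])
    actual = _derive(candidate, bytes.fromhex(record["salt"]))
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    password = "Tr1cky!pass#2005%"  # constructed sample with non-alphanumeric characters
    row = make_record(password)
    print("stored row:", row)
    print("correct password:", verify(row, password))
    print("wrong password:  ", verify(row, "Tr1ckypass2005"))
```

With rows like this, a support tool can confirm a password the customer supplies without anyone at the company being able to read it back from the database.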

These are just a few of the incidents I have noticed recently where the security policies concerning users' information come into question. Most of these companies like to blame others when their users' accounts are compromised, but they make them easier to compromise in the first place.
