This post was contributed by a community member. The views expressed here are the author's own.


Could the recent wave of online security breaches be considered a good thing?

There is a lesson to be learned from this. Ultimately it is up to each individual to determine how safe their information is, but businesses have more control than some choose to admit.

Epsilon, Citigroup and Sony (with the PlayStation Network) are just a few of the targets of recent security breaches. You may have seen coverage of these online and heard them discussed on the radio or TV. Any loss of personal data is unacceptable regardless of what data is compromised. Identity theft is a hot topic these days. Most of us have come to appreciate the advantages our online life provides us. We can easily see our bank balance and make bill payments online, order prescriptions and even place an order to be picked up at our favorite restaurant from our computer or smartphone. These breaches should be a wake-up call to businesses large and small.

 

How does this happen?


The primary reason is the use of inadequate security measures. The business that has developed the website you are accessing should keep your information in an encrypted database. Your password should not be stored in plain text. The proper way to store a password on the server is as a salted hash. Ideally you should be connecting over an SSL connection.


What to look for    

 

If you are connected using SSL, the web address in the address bar will start with https rather than http. You can easily force that to occur with a free plug-in offered by the Electronic Frontier Foundation called HTTPS Everywhere (follow link for more info). The quickest way to determine if your password is secure on a website is to select the “forgot my password” option: if the website offers to email your password to you, that is a warning sign that your password is stored in plain text. What you want is for the website to send you a link to reset your password, or a similar option. The reason a website cannot send your password if it is stored as a salted hash is that the website does not actually know what your password is. When you log in, the server compares the hashed string to the hashed string stored on the server; if these match, you are able to gain access. To create a hashed password the web code takes your password and uses a rainbow table to turn it into a string of characters. If the password is just hashed, then anyone could theoretically take the hash and, using the rainbow tables, eventually determine what the password is. The “salt” is an extra piece that is added in conjunction with the rainbow table to strengthen your password.
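The salted-hash storage and login comparison described above, as an added example in Python (not code from the author or from any site mentioned). It assumes PBKDF2-HMAC-SHA256 as the hash function; the function names, iteration count and sample password are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example


def unsalted_hash(password: str) -> str:
    """Weak form: the same password always gives the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str) -> dict:
    """Build what the server stores: a random salt and the derived hash."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Re-derive the hash from the login attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def demo() -> dict:
    # Constructed sample: two users who happen to pick the same password.
    alice, bob = make_record("correct horse"), make_record("correct horse")
    return {
        "unsalted_equal": unsalted_hash("correct horse") == unsalted_hash("correct horse"),
        "salted_equal": alice["hash"] == bob["hash"],
        "good_login": verify("correct horse", alice),
        "bad_login": verify("correct horse!", alice),
        "password_in_record": "correct horse" in str(alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the stored record holds only the salt and the derived hash, the site has nothing it could email back to you, and two users with the same password end up with different stored values.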

 

Is this the only security concern I should have? 

 

Absolutely not; this only scratches the surface. A perfect example of this is a Firefox plug-in called “Firesheep”, which has actually been around for months and been downloaded widely. How does Firesheep work? Well, let’s say you go to your favorite coffee shop with your laptop and use the free wifi access while you are there. Firesheep allows someone who is monitoring the free wifi access point to intercept the security token passed back to your laptop when you log in to your Facebook account or a similar type of account. This gives them complete control over your account; they can change your password and even post to your account. Don’t panic yet: this is only on unsecured access points. What does that mean? Well, when you select that access point to connect to, if you are prompted to enter a passcode then this is a secured access point. If you notice that your coffee shop or other wifi provider does not have the access point secured, all they have to do is enable the protection. The password doesn’t have to be complicated, and they can even tell everyone the password or post a sign on the wall. Just that simple step of securing the access point will protect you.

 

So why did I ask the question in the headline if security breaches were a good thing?

 

Well, as I stated earlier, this should be a wake-up call for all businesses. I actually feel that any breach due to lack of proper security is unacceptable. Businesses need to take a look at their websites and company servers to evaluate if the security implementation is good enough. If databases aren’t secure and if logins aren’t secure, these flaws will eventually have significant consequences. Let’s just consider the implications to Sony. Their network was down for weeks, they have offered identity theft protection to those affected, this is a serious black mark on their reputation, and they have estimated the cost for breach-related expenses to be $178 million through March of 2012. Sony is a large company and this is only one segment of their business, but imagine if this was a small business and the network was their livelihood. The Firesheep plug-in was written primarily to demonstrate that this was a significant issue, and some of the underground hacking groups that have compromised websites have done it just to show they could. It is something each of us should consider when we make the decision to patronize a business, and if you are in a position within a business and this is even remotely in your area of responsibility, it’s time to evaluate the security policies. Our data and personal information are only as safe as those businesses and individuals that we trust to use and store them. Think about this the next time you log in to a website or before you sign up for a new website. It is worth looking for the warning signs; if you see something that makes you uncomfortable, ask questions or even consider whether you are willing to trust this business with your personal information. That informed decision could save you a big headache in the future.
