Thursday, July 12, 2012

Security Breach Exposes Sorry Lack of Creativity

Am I prescient or what! Wasn't I complaining the other day about a lack of creativity evinced by spammers and spambots of late? Turns out, it's contagious... [Cue scary music]

Tech blog CNET News reported today on the latest breach of online security that has unfortunately become a major irritant in the modern digital age. Voices, an online publishing tool that was acquired by Yahoo in 2010 and is now used as a part of its news service, was hacked, giving the hackers access to login information (username and password) of more than 450 thousand Yahoo users. The gleaned credentials were posted ('dumped' is the geekspeak) on a web page. As has become a trend, the anonymous perpetrators left a cautionary note (reported CNN):
"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," a note on the page said. "There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly."... The statement adds that the "subdomain and vulnerable parameters" that were used to hack the site were not posted "to avoid further damage."
As with previous such instances, CNET accessed the list of passwords and analyzed their patterns. Read the CNET News report to find out more. Declan McCullagh, CNET's chief political correspondent and a senior writer (and - no doubt, proudly - an inveterate Mac user), conjured up a program to analyze the data dump for the most frequently used passwords. Suffice it to say, there is much cause to be disappointed with humanity as a whole, notwithstanding the admonitions to Yahoo (and other online providers) for beefing up their server security with alacrity. Do take a look at the list of most common passwords, and understand this embarrassing picture of humanity. Despite all the creativity and ingenuity of the human race, we cannot create, for our online accounts of daily use, suitable and safe passwords that would not be revealed in all their bizarre glory at the first hacking attack. Here is a sampling of CNET's list of passwords, listed by the frequency of their use:
• 2295 times a sequential list of numbers was used - "123456" by far being the most popular; some instances of the numbers being reversed, or a few letters being added in.
• 160 times, "111111"; similar epitome of originality, "000000", used 71 times.
• 780 times, "password" was used as the password, with an additional 233 times of use in conjunction with a few numbers behind it.
• 437 times, "welcome".
• 333 times, "ninja", but apparently never 'Pirates'.
• 161 times, "freedom" was used, suggesting a lot of patriotic users.
• 161 times, the f-word was used in some combination.
• 133 times, "baseball"; sigh!
• 106 times, use of "superman"; nearly twice that of "batman" and thrice that of "spiderman."
• 52 times, "starwars".
• 27 times, "ncc1701" used as a password - if Star Wars comes, can Star Trek be far behind? "startrek" was used 17 times, while "ncc1701a" was used 15 times.
I hope this turns out to be one of those teachable moments for most of us, but sadly, we never learn. I urge you, dear readers, do take heed. Online security is of paramount importance in an increasingly connected, digitized world. Please surf responsibly.
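For anyone running a sign-up form, the patterns in the list above can be rejected before they are ever stored. The following is an added example, not CNET's program or anything from the original post; the function names are hypothetical and the denylist holds only the words quoted above.

```python
from collections import Counter

# Denylist limited to the words quoted in the list above (an assumption for
# illustration; a production denylist would be far larger).
COMMON_WORDS = {
    "password", "welcome", "ninja", "freedom", "baseball", "superman",
    "batman", "spiderman", "starwars", "startrek", "ncc1701", "ncc1701a",
}
ASCENDING = "01234567890"  # trailing 0 lets runs such as "7890" match


def is_digit_run(digits, min_len=4):
    """True for ascending or descending consecutive digits, e.g. 123456, 654321."""
    if len(digits) < min_len:
        return False
    return digits in ASCENDING or digits in ASCENDING[::-1]


def weak_password_reason(password):
    """Return the weak pattern a candidate password matches, or None."""
    pw = password.strip().lower()
    if not pw:
        return "empty"
    if len(set(pw)) == 1:
        return "single repeated character"      # "111111", "000000"
    if pw in COMMON_WORDS:
        return "common word"
    if any(pw.startswith(w) and pw[len(w):].isdigit() for w in COMMON_WORDS):
        return "common word plus digits"        # "password123"
    digits = "".join(c for c in pw if c.isdigit())
    if is_digit_run(digits) and len(pw) - len(digits) <= 3:
        return "sequential digits"              # also "abc123456"
    return None


def tally(candidates):
    """Count how many candidates fall into each weak pattern."""
    return Counter(r for r in map(weak_password_reason, candidates) if r)


if __name__ == "__main__":
    # Constructed sample input, not taken from the leaked data.
    sample = ["123456", "654321", "111111", "Password123", "ncc1701", "m7#Qv2!xLp9z"]
    for pw in sample:
        print(f"{pw!r}: {weak_password_reason(pw) or 'no weak pattern matched'}")
```

A `None` result only means the candidate matched none of these few patterns, not that it is strong.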
