9/20/2012 | Patrick Dukart, Information Security Manager

Where are we now? Well, we are not in Kansas anymore. The hacker community diligently continues to seek vulnerabilities in computer systems, as seen in the recent attacks on Yahoo and LinkedIn. Both incidents could have been prevented, or at least contained, with some simple security strategies.

In the case of Yahoo, "it was a failure of password handling, not the weakness of the passwords themselves." Yahoo had purchased a company whose database stored user passwords in clear text. That database had a known vulnerability, which the attackers exploited; once inside, they had every password as-is, with nothing left to crack.

Chugach Alaska Corporation uses Microsoft Active Directory, which does not store passwords in clear text. It stores a HASH, the output of a one-way function: easy to compute from the password, but not reversible back to it. As one description puts it, "A HASH is a way of taking a variable-length password and creating a cryptic, fixed-length password from it." For example:

  Password  ->  8be3c943b1609fffbfc51aad666d0a04adf83c9d   (forward direction: computing the HASH is easy)
  8be3c943b1609fffbfc51aad666d0a04adf83c9d  ->  Password   (reverse direction: only possible by guessing a password, hashing it, and comparing)

In the case of LinkedIn, the attackers obtained the stored password HASHes rather than the passwords themselves. A HASH cannot be reversed, but it can be compared: hash a guess such as "password" or "wordpass" and check whether the result matches a leaked value. Because LinkedIn's hashes were unsalted SHA-1, a single precomputed table could be checked against every account at once. This is why a good password matters: the HASH of a common password has almost certainly already been computed and stored in a precomputed lookup table known as a Rainbow Table, so it falls immediately, while a long, unusual password does not appear in any such table. On the server side, the corresponding defense is to hash each password with a unique random salt and a deliberately slow algorithm, which makes one precomputed table useless against the whole user base.

In both of these cases, enforcing "Least Administrative Privilege" and "Network Monitoring" could have minimized and/or mitigated the vulnerability the hackers used to gain access. At Chugach Alaska Corporation we have these strategies in place and continue to evaluate and improve the security posture based on risk, cost, and impact to the organization. We also require strong passwords and routine password changes, which help to buffer our security posture.

As an individual, you can add additional layers of security by:

1) Using a UNIQUE username and a UNIQUE password for each account (Facebook, LinkedIn, Yahoo, etc.), so that one breached site does not unlock the others
2) CHANGING your password every 90 days
3) USING strong passwords
4) Keeping your systems PATCHED routinely
5) Using ANTI-VIRUS, and keeping it updated
6) BEING vigilant regarding unknown and strange emails

References:
Check whether your LinkedIn password was in the leaked set: https://lastpass.com/linkedin/
Three Steps to Avoid Getting Hacked Like Yahoo: http://www.cio.com/article/711045/Three_Steps_to_Avoid_Getting_Hacked_Like_Yahoo
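The hashing and lookup-table discussion above (the "Password" HASH, comparing leaked HASHes against a table of known passwords, and why a salt defeats that) is easier to see in running code. The block below is an added example written for this page; it is not code from the original post or from Chugach Alaska Corporation. The wordlist and the "leaked" dump are constructed here, the strong password and the PBKDF2 salted scheme are illustrative stand-ins, and the only value taken from the post is the SHA-1 digest of "Password".

```python
import hashlib
import hmac
import os

# The post's example value: SHA-1 of the string "Password", hex-encoded (160 bits = 40 hex chars).
PAGE_HASH = "8be3c943b1609fffbfc51aad666d0a04adf83c9d"


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 digest of a password, the form found in the 2012 LinkedIn dump."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup_table(wordlist):
    """Precompute digest -> password for a wordlist.

    A real rainbow table compresses this with hash chains, but the attacker's
    workflow is the same: compute once, then look leaked digests up instantly.
    """
    return {sha1_hex(word): word for word in wordlist}


def crack_unsalted(leaked_digests, table):
    """Return {digest: password} for every leaked digest present in the table."""
    return {d: table[d] for d in leaked_digests if d in table}


def store_salted(password: str, iterations: int = 200_000):
    """Defender's side: unique random salt plus a slow, iterated hash (PBKDF2-HMAC-SHA256).

    Returns (salt_hex, iterations, derived_key_hex); all three are stored with the account.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt.hex(), iterations, dk.hex()


def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    salt_hex, iterations, dk_hex = record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    # Constructed wordlist: the kind of guesses that sit in every cracking dictionary.
    wordlist = ["password", "wordpass", "Password", "123456", "qwerty", "linkedin"]
    table = build_lookup_table(wordlist)

    # Constructed "leaked" dump of unsalted digests: three users, two weak passwords, one strong one.
    # The strong password is an illustrative assumption, not a recommendation to reuse it.
    leaked = [sha1_hex("Password"), sha1_hex("wordpass"), sha1_hex("Tundra!Moose-4471-kayak")]

    cracked = crack_unsalted(leaked, table)
    print("Leaked digest for 'Password':", leaked[0])
    print("Matches the post's example value:", leaked[0] == PAGE_HASH)
    print("Cracked by lookup:", cracked)                       # the two weak ones fall immediately
    print("Strong password recovered?", leaked[2] in cracked)  # not in any table, so no

    # Same weak password for two users: identical unsalted digests, one lookup cracks both...
    print("Unsalted digests equal:", sha1_hex("Password") == sha1_hex("Password"))
    # ...but different salted records, so a precomputed table cannot be reused against them.
    rec_a, rec_b = store_salted("Password"), store_salted("Password")
    print("Salted records equal:", rec_a[2] == rec_b[2])
    print("Verify correct guess / wrong guess:", verify_salted("Password", rec_a), verify_salted("password", rec_a))


if __name__ == "__main__":
    demo()
```

Run it as a script to see the two weak passwords recovered from the constructed dump by a plain dictionary lookup while the long one is not, and to see that two accounts with the same password produce identical unsalted digests but distinct salted records. Pick the iteration count for the salted scheme based on how long a login may take on your own hardware; the attacker pays that cost once per guess per account instead of once per wordlist.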
Posted via email from katkimjac's posterous