Monday, November 4, 2013

Adobe Password Leak

From the source: http://blogs.adobe.com/conversations/2013/10/important-customer-security-announcement.html

ZDNet's version: http://www.zdnet.com/just-how-bad-are-the-top-100-passwords-from-the-adobe-hack-hint-think-really-really-bad-7000022782/

XKCD's version: http://xkcd.com/1286/

Yet another high-profile case of a password protection scheme being misused. As described in ZDNet's article, 3DES was the wrong choice for storing user passwords. Encryption is reversible by design, so whoever obtains the key recovers every password outright, and because the data was encrypted deterministically (ECB mode, no per-user salt), identical passwords produced identical ciphertexts, which is how the top-100 list could be compiled without the key at all. Stored passwords call for a one-way function: a salted, deliberately slow password hash such as bcrypt, scrypt or PBKDF2. Then there is nothing to decrypt; an attacker is reduced to guessing candidate passwords and hashing each one, the work factor makes every guess expensive, and the salt ensures a guess attacks a single account rather than every account sharing that password. With that in place, the cost of a leak is modest (say, a forced password reset on the customer's end) rather than a database of recoverable credentials.
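To make the difference concrete, here is an added example (my own, not Adobe's code or anything from the linked articles) that contrasts a bare hash, a salted PBKDF2 record, and the guessing attack that is all an attacker can do against the latter. The candidate list and the sample passwords are constructed for the demonstration; the iteration count is kept low so the script runs quickly.

```python
import hashlib
import hmac
import os
from typing import Iterable, Optional

# Constructed sample input: a handful of the weak passwords the ZDNet top-100 list
# is about, plus one that is not on it. Illustrative only, not leaked data.
COMMON_PASSWORDS = ["123456", "password", "adobe", "12345678", "qwerty", "photoshop"]

# PBKDF2-HMAC-SHA256 work factor. Deliberately modest so the example is quick;
# a real deployment should use a much higher count (or bcrypt/scrypt/Argon2).
ITERATIONS = 50_000
SALT_BYTES = 16


def unsalted_digest(password: str) -> str:
    """A bare one-way hash. Nothing to decrypt, but deterministic: two users with
    the same password get the same record, so cracking one cracks them all. This
    is the same equality leak that deterministic (ECB) encryption exposed."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, slow one-way hash. Returns a self-describing record of the form
    'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' (my own record format)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and compare
    in constant time. There is no key that turns the record back into a password."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def dictionary_attack(record: str, candidates: Iterable[str]) -> Optional[str]:
    """All an attacker holding a leaked record can do: guess. Each guess costs a
    full PBKDF2 computation against this one record's salt."""
    for guess in candidates:
        if verify_password(guess, record):
            return guess
    return None


if __name__ == "__main__":
    # Unsalted: equal passwords, equal records (the grouping that makes a top-100 list possible).
    print("unsalted equal:", unsalted_digest("123456") == unsalted_digest("123456"))

    # Salted: equal passwords, different records, yet both verify.
    a, b = hash_password("123456"), hash_password("123456")
    print("salted records differ:", a != b)
    print("both verify:", verify_password("123456", a) and verify_password("123456", b))

    # A weak password still falls to a short wordlist; a strong one does not.
    print("cracked weak:", dictionary_attack(a, COMMON_PASSWORDS))
    strong = hash_password("correct horse battery staple")
    print("cracked strong:", dictionary_attack(strong, COMMON_PASSWORDS))
```

Note that the hash does not rescue a user who picked "123456": the wordlist finds it in a handful of guesses. What it buys is that the guess has to be made, per account, at a cost the defender controls, instead of a single key unlocking the whole table.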

On a side note, XKCD knows how to deal with it (the comic turns the leaked password hints into a crossword); maybe better passwords will be chosen if we post these in the New York Times? Probably not, but it'd still be funny. (Apologies to those of you who actually chose something other than "password", "adobe", or a numeric string.) In all seriousness, while the leakage of such a vast amount of sensitive data is a great concern and should not have happened, the contents show just how many people need to choose stronger passwords. Even without a leak it's really only a matter of time before your password is cracked, and if you choose "123456" you're probably pretty close to having 123456 seconds before your account is compromised anyway. (Too bad this guideline doesn't scale; it'd be awesome if everybody could choose a password of the form "2^x", where x is the year your favorite TV show launched. Oh well, I guess exponentiation isn't supported.) Compound that with the very likely case that some of these users reused this password across other important sites holding their PII, and I just pray for their sake that they will lock these open doors soon.

Sunday, November 3, 2013

To Do List

/*

Please don't mind these comments.

----------

1) Determine which areas exist and the differences between them: network security, application security, cybersecurity, information security, information assurance, penetration testing, cryptology (cryptography and cryptanalysis)...

2) Determine which areas interest you the most.

3) Determine which Masters programs to apply to.

4) ...

*/

Wednesday, October 16, 2013

More Than Intro

Hey all!

I'm not one for long introductory posts, so I'll just say this short bit. I'm using this blog as my opportunity to post about cool stuff I find online that relates or may relate to my career interests. See Less Than Routine otherwise.

Even though I'm essentially using these blogs as rather detailed bookmark folders, I believe that sharing is caring. If you happen to be enlightened by any one of my posts then all the better; feel free to keep on reading!