Thursday, January 2, 2014

Just assume that all of your accounts have been hacked and be done with it

First we hear that Target data was compromised.

Then we hear that the compromised Target data included encrypted PIN numbers. And yes, the PINs were Triple DES encrypted, and the hackers didn't get the key. Which means that hackers can never, ever, ever decrypt those PINs...right? Wrong.

Then the latest news - my favorite service Snapchat had its data compromised, and phone numbers and usernames were leaked. Well, the people who leaked the data obscured the last two digits of the phone numbers, and the full data with all digits is stored in various secure locations. Which means that hackers can never, ever, ever match the usernames to complete phone numbers...right? Wrong.

Of course, some are asking questions, such as "Why did Target retain the PINS after the transactions were authorized?" The answer is that Big Data needs all of this stuff. Take your average Android or iOS app - they ask for a ton of data. If Empoprises were ever to release an app that simply said "Beep," we would probably require users of the app to consent to the following.

By downloading the EmpoBEEP(tm) app, you grant Empoprises, our ISP, our telephone provider, all the temps who work for us, and their significant others access to the following information:

Your username
Your password
Your address
Your phone number
Your current location
Every location that you have visited in that past 365 days
Your Social Security Number
Your credit rating
Your bank account balance
All of your purchases for the past 365 days
All of your Facebook, Twitter, Google+, and MySpace friends
The usernames, passwords, addresses, etc. of all of your friends
An audio and video record of everything that happens within 1,000 feet of your mobile phone, even when it is turned off

All of this information is needed, of course, to provide users of the beeping app with the full social experience.

And after all, what's the harm in it? Our systems are secure. They're protected by high quality software from RSA.

So sortabytes and sortabytes of data are collected in Big Data farms, just waiting to be taken.

And if you can't obfuscate the data, then your other option is to unplug.

It's funny. Back when I was growing up, Karl Malden did a series of commercials for American Express Travelers Cheques. In these commercials we were warned not to carry cash.

These days, it seems that carrying cash could be the safest bet of all. You may lose your cash, but you won't lose everything else.

And don't talk about Bitcoin - consumer Bitcoin accounts have been hacked also.
blog comments powered by Disqus