Twitter co-founder Evan Williams’ e-mail account getting hacked has had a lot of coverage this week, and it has raised a lot of questions about just how secure The Cloud, hosted business applications and Web 2.0 services really are.
I write this as the former managing director of an information security company, long time hosted applications user and founder of a Web 2.0 company — and I have to say, the biggest threat to online security is ignorance and laziness!
First off, let’s be clear, it was not Twitter the Application that was hacked, but Twitter the Staff — it was actually Williams’ e-mail account that was hacked and that provided the hacker all he needed to then get into the Twitter company’s instance of Google Apps, giving access to the documents now in circulation. Twitter staff got targeted because they are high profile and the hacker knew the press would be interested in the story.
How did this happen? Simple: Williams’ password was guessed. Or to put it another way, he simply didn’t set a strong enough password and has now paid the price.
There are very obvious benefits to using web based services, not least of all in their convenience and availability. Because they are web based, and so reachable by any member of the public, they are at greater risk than an application or data store on a stand-alone server in a locked office that you need to walk over to use; but that isn’t very convenient. Broadly speaking, the risks of attack are offset by the convenience of the services — there is risk, but it’s worth taking for the upside.
But whether you use Cloud based applications or on-premise, it pays to follow these basic rules on password security:
If you are concerned your WeCanDo.BIZ password may not be secure enough you can reset it here.
- NEVER write your passwords down — make them easy to remember but personal to you so you don’t need to write them down
- Use a password system no one could ever guess. Here’s a suggestion: take the first letters of a sentence you can easily remember, e.g. Ian Watches Formula 1 Every Other Sunday would become IWF1EOS — who is ever going to guess that as a password? Factor in that the sentence could be about ANY aspect of your life and it becomes harder still for anyone to guess
- Never use the same password on more than one website — introduce just the smallest change between them, inspired by something about the site or service, e.g. add BA at the start or end for your online Barclays account, HO for Hotmail, WE for your WeCanDo.BIZ login etc.
- If you are asked to set a password reminder question, make it the most obscure option offered (things like your date of birth or mother’s maiden name may not be hard to find out) — make it something very few, if any people at all, know about you. You might even want to lie about the answer, but if you do make the answer memorable!
IH
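The mnemonic scheme from the list above (sentence initials plus a per-site tag), as an added Python example that is not code from the post or from WeCanDo.BIZ, with a brute-force keyspace estimate so you can check whether a given sentence yields a long enough password. The sentence and site tags come from the post; the online and offline guess rates are assumed values, not figures the post gives.

```python
import math
import string

# The sentence and tags are the post's own example; the guess rates are
# assumptions made for this example, not figures from the post.
EXAMPLE_SENTENCE = "Ian Watches Formula 1 Every Other Sunday"
ONLINE_GUESSES_PER_SEC = 10        # assumed: a rate-limited web login form
OFFLINE_GUESSES_PER_SEC = 1e10     # assumed: cracking a leaked password hash


def mnemonic_password(sentence: str, site_tag: str = "", tag_at_start: bool = False) -> str:
    """First character of every word (digits kept as-is), with the per-site
    tag added at the start or the end, as the post suggests."""
    initials = "".join(word[0] for word in sentence.split())
    return site_tag + initials if tag_at_start else initials + site_tag


def alphabet_size(password: str) -> int:
    """Size of the character set a brute-force attack must cover, counting
    only the classes the password actually uses (what a cracker tries first)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(ch in cls for ch in password))


def keyspace_bits(password: str) -> float:
    """Upper bound, in bits, on the work needed to exhaust the keyspace."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def seconds_to_exhaust(password: str, guesses_per_sec: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** keyspace_bits(password) / guesses_per_sec


if __name__ == "__main__":
    # The post's three variants: bare initials, WE appended, BA prepended.
    for tag, at_start in (("", False), ("WE", False), ("BA", True)):
        pw = mnemonic_password(EXAMPLE_SENTENCE, tag, at_start)
        online_years = seconds_to_exhaust(pw, ONLINE_GUESSES_PER_SEC) / 3.15e7
        offline_secs = seconds_to_exhaust(pw, OFFLINE_GUESSES_PER_SEC)
        print(f"{pw:10} {len(pw)} chars {keyspace_bits(pw):5.1f} bits "
              f"online {online_years:10.0f} yr  offline {offline_secs:8.0f} s")
```

The 7-character example holds up for centuries against a rate-limited login at 10 guesses a second, but falls in seconds once a leaked hash can be attacked offline, which is why a longer sentence matters.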