Tuesday, August 12, 2014

Justification for Your Paranoia

So, my boss was off attending BlackHat and DEFCON over the past week, and I've been here putting out fires and filing reports in his absence. Here is your latest dose of details on how insecure your (and everyone else's) data really is...and a couple of bright points to make you feel better.

1. First, a nice InfoGraphic about the biggest breaches of the last decade...
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Because everyone loves infographics, right?

2. Hey look, the US patent office really is COMPLETELY BROKEN.
Not that this should really come as a surprise to anyone who follows the activity of the many patent trolls out there, or the ridiculous, never-ending fights between big tech companies. Our patent system is completely broken and issues tons of vague, unproductive patents. The news here is that someone finally put their finger on how broken the culture at the USPTO really is.
3.  The security cons in Vegas this week debuted some nice new tools for password cracking.
Nothing much to say here except, remember: No matter how secure and unguessable you think your password is, IT ISN'T.
You know the drill--don't reuse passwords, change it often, make it long, hope for the best. Human brains cannot generate randomness, can't remember randomness, and even have a hard time faking randomness. In man vs. password cracking algorithm, man always loses. The only thing you can do is try to make it a slow process and hope the hacker gets bored and gives up.
4. Google, at least, is doing what it can to make the web more secure.
Google announced a couple of interesting initiatives in the last couple of weeks. First is Project Zero, in which they are hiring some top-end hackers, and paying them to spend 100% of their time looking for new zero-day exploits, and encouraging them to do it for any and all web software
Second, they are going to be using HTTPS as a ranking signal. Which, in laymans terms, means that more secure sites will get bumped higher on their search listings. So if you are the kind of person that clicks the first thing that Google returns when you are searching the web, chances are you'll get a secure site. If you want better site rankings get yourself a certificate.