Sony's devastating security breach is not only a public relations nightmare and, now, an identity-theft worry for its customers; it is also a reminder (yet again) of the vulnerability of computer networks.
Sony's PlayStation Network is made up of networked servers housing massive amounts of data, including valued customer data. The parts making up Sony's network are not much different from the parts making up any other business's network, except that most business networks are on a smaller scale.
While Sony is not releasing much detail about how the breach was carried out or which of its security mechanisms failed, there are some good lessons here for any business, no matter its size, about protecting network infrastructure and the data residing on those networks.
One of the key ways any company owner can protect themselves is to forget the notion of "Why would anyone want to hack into my network?" Why? Because they can. Whether you run a business making chocolate candies or handle financials for thousands of clients, taking an offensive approach against hackers, network intruders, or script kiddies looking to make a name for themselves is fundamental to protecting your business network.
It's important to know that in the technology world, there is no such thing as 100 percent secure. You can lessen the chances of network or data compromise though, with a few tips:
Back in September, Google introduced the ability to add two-step verification for Google Apps accounts. What this means is that in order to log into your Google account, you not only enter your username and password, but you also enter an ever-changing code. The code is sent to you by SMS, or can be found by using an iPhone, BlackBerry, or Android app. With this security feature, someone who finds your password by looking over your shoulder, phishing it, guessing it, or sniffing it from whichever network or computer you use will be unable to access your account, because they won't have access to this second authentication factor.
Now, Google has just announced that it is rolling out the feature for all users. Over the coming days, a new option will appear in the Security tab of your Google Account. The feature is optional, and lets you better protect your account by receiving an automated call or SMS, or by using an app on your phone. This only occurs when you need to actually log on, which only happens on a new system or after a few months of use, so you won't need to do this every time you check your email. The process is not completely painless. The sign-up involves registering a backup number and one-time password, and you need to make special cases for apps which may need access to your Google account but do not support this feature, such as a desktop mail app. Still, it's a very good security measure, which everyone should look into.
Read More | Google Blog
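How a server can check an app-generated second factor alongside the password, as an added example that is not from the original post or from Google. It assumes the app's code is a time-based one-time password (RFC 6238); the `login` function, the account record and its values are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (RFC 6238 default)

def totp(secret, now, digits=6):
    """RFC 6238 code for the 30-second step that contains `now`."""
    counter = struct.pack(">Q", int(now) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    """Salted, slow password hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def login(account, password, code, now, window=1):
    """Succeed only when the password AND a fresh, unused code are correct."""
    pw_ok = hmac.compare_digest(
        hash_password(password, account["salt"]), account["pw_hash"])
    step_now = int(now) // STEP
    matched = None
    # Accept one step either side of "now" to tolerate phone clock drift.
    for step in range(step_now - window, step_now + window + 1):
        if step <= account["last_step"]:
            continue  # code from this step was already used: reject replay
        expected = totp(account["secret"], step * STEP)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = step
            break
    if pw_ok and matched is not None:
        account["last_step"] = matched
        return True
    return False

# Constructed sample account (assumption: field names are hypothetical).
ACCOUNT = {
    "salt": b"constructed-salt",
    "pw_hash": hash_password("correct horse", b"constructed-salt"),
    "secret": b"12345678901234567890",  # RFC 6238 published test key
    "last_step": -1,
}
```

A stolen password fails without the current code, and a code captured in transit fails once it has been used, because the server records the last accepted time step.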
In a reminder to always use strong, unique passwords on every service we use, we learn this week that Trapster, a web site and app used by over 10 million users, was targeted by a hacker who may have compromised the login and password information of all of its users. The company has posted an advisory urging people to change their password on the web site, and anywhere else they may be using the same password.
Read More | Peer360
We suspect there are a lot of people who hit up their local Starbucks to take advantage of the free WiFi and sip the same cup for hours. The Holland-based CoffeeCompany has come up with an idea to curb the practice. They change the name of their network with such passwords as “HaveYouTriedCoffeeCake?,” “BuyAnotherCupYouCheapskate” and “BuyaLargeLatteGetBrownieForFree.” While the message is comical and subliminal, the guilt factor must be worth the effort.
Read More | AdRants
In a previous post, Gear Live discovered that the new iTunes WiFi Music Store has a few bugs here and there. The bug I encountered prevents some users from authenticating easily to purchase tracks. With a little sleuth work I managed to track down the problem: the password fields in the new iPhone software version 1.1.1 don’t work well with capital letters in passwords. Click through for a full rundown of the problem, and how to fix it if it affects you.
With so many web sites, applications, and services out there on the internet requiring passwords, we are required to remember a dizzying array of usernames and passwords to live our digital life. Browsers and email clients usually have features to remember these passwords for us, but that solution falls short if you use multiple computers, or particularly if your primary internet access comes from public web terminals. Luckily, RoboForm2Go has introduced a portable and secure password management solution in the form of a USB key.
The RoboForm2Go software can be bought separately or pre-loaded onto a USB flash drive. The software requires no install, and can work on any Windows computer with a USB port. It automatically stores your usernames, passwords, and other information on the USB thumb drive, encrypted with 128-bit AES to keep your login information safe should you lose the drive. The RoboForm2Go software will also automatically generate random passwords for each new website you visit to help increase security, and will remember your credit card information to make shopping online a breeze.
Read More | RoboForm2Go Product Page
Today Linden Lab notified users that on or about September 6th, a Second Life database server was compromised and that hackers may have gained access to users’ personal information, including names, addresses, encrypted passwords and encrypted payment information. While, according to their press release, there was no indication that the hackers could compromise users’ online accounts, Linden is forcing all of their users to change their Second Life passwords in response to the breach.
From the release:
“We’re taking a very conservative approach and assuming passwords were compromised and therefore we’re requiring users to change their Second Life passwords immediately,” said Cory Ondrejka, CTO of Linden Lab. “While we realize this is an inconvenience for residents, we believe it’s the safest course of action. We place the highest priority on protecting customer data and will continue to take aggressive measures to protect the privacy and security of the community.”
With more and more online games every year (most of them requiring payment of some type), the issue of data security could quickly become a major focus for game makers. Will we be seeing a Microsoft-circa-2000-esque push toward writing secure game code in the near future? It couldn’t hurt to start soon…
Read More | http://secondlife.com/corporate/bulletin.php