What to do about the SSN Breach? E031
A Bit of Security for August 16, 2024
In January 1999 Scott McNealy famously said “You have zero privacy anyway. Get over it.” While nobody ever accused Scott of being a prophet, recent developments underscore how fragile privacy is. The breach of 2.5 billion records (and we’ve only got 350 million citizens in the US) revealing everyone’s Social Security Number, name, address, and the like, underscores the weaknesses of our technology infrastructure.
What can we do about it? Here are a few things to consider.
1. Change your password – you should assume it’s been compromised.
2. Cancel any accounts you don’t use – and before you leave, change your personal information so anyone who gets a copy later won’t have good data about you.
3. Turn on multifactor authentication. Yes, SMS traffic can be hacked, but the idea is to make it harder for the bad actors to get to your stuff. If you can use a hard token, do so; but something is much better than nothing.
If the government of Iran wants to get something about you personally, you’re in trouble. But most hackers are running automated scripts to hoover up all the data they can and then run attacks. If your site doesn’t open up immediately, they move to the next. Think of it like putting a lock on your car’s gas tank. If someone really wants to get your gas, they’ll punch a hole in the tank. Most often, though, they’ll just move to the next car.
Do you think Scott uses multifactor authentication? If you were he, would you? I bet you would.
And what can vendors do? Here are a few suggestions.
1. Don’t ship default passwords unless you force the user to change them on installation.
2. Follow Secure by Design guidelines to reduce the likelihood of code bugs that leave openings for hackers.
3. Use memory-safe languages to stop common attacks.
The harder thing to ask vendors is to put better design into their products so users aren’t guided into making bad choices. Do you think Scott would endorse those principles? He did – Java (once known as Oak) is memory safe.
I’ve covered the wider issue of why security defects occur at all in two earlier posts, and I’ll visit that topic again shortly. Stay safe.
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #SSNhack #MFA #privacy #BitofSec