The Sum of All Fears: Social Networking at InfoWarCon



Check out this article: How I Became the Kind of Person Who Can Work a Room.

“About half the people I spoke with offered me their cards, which, in the age of LinkedIn, is becoming more rare.”

Oddly enough, the lesson I took from this was that business networks face increasing risk as the use of the business card declines, the use of professional social networks keeps growing, and password security remains lackadaisical among their participants. To make this point, I’ll use 5 facts and an anecdote.

Consider these 5 facts:

1) Password security is only as good as the settings the site administrator chooses and the creativity of the person making the password.
2) Password security measures are usually crap, but that is not to say strict schemes don’t exist (md5 hash + the blood of a virgin).
3) The lazy and the ignorant use the same passwords for multiple accounts.
4) LinkedIn has been a victim and continues to be a target for hackers.
5) Hackers have dumped LinkedIn usernames and passwords.
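Facts 1 through 3 above come down to how a site stores passwords and how often people reuse them. The following is an added example, not code from the original post or from LinkedIn: it places a bare, unsalted MD5 digest (the "crap" measure from fact 2) beside a per-user salted, deliberately slow PBKDF2 scheme, and counts how many identical passwords a dumped hash list would reveal under each. The user names, passwords and iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Weak scheme (fact 2): a bare, unsalted, fast hash. Two users with the same
# password get the same digest, so a single dump exposes every instance of
# reuse across the whole user base at a glance, before anyone cracks anything.
def weak_md5_hash(password: str) -> str:
    return hashlib.md5(password.encode("utf-8")).hexdigest()

# Hardened scheme: a random per-user salt plus a slow key-derivation function.
# The iteration count is an assumption for this example, not any site's setting.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16

def store_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt_hex, hash_hex) to store for a user.

    The salt is random unless supplied explicitly (only useful for tests).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt.hex(), digest.hex()

def verify_password(password: str, salt_hex: str, hash_hex: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), hash_hex)

def reuse_visible_in_dump(hashes: list) -> int:
    """Number of duplicate digests in a leaked list: how much password reuse a
    dump reveals with no cracking effort at all."""
    return len(hashes) - len(set(hashes))

# Constructed sample: three accounts, two of which share the same password
# (fact 3, the same password on multiple accounts).
SAMPLE_USERS = {
    "alice": "Winter2012!",
    "bob": "Winter2012!",
    "carol": "correct horse battery staple",
}

def demo() -> dict:
    """Compare what a dump of each storage scheme would give away."""
    weak = [weak_md5_hash(p) for p in SAMPLE_USERS.values()]
    strong = [store_password(p)[1] for p in SAMPLE_USERS.values()]
    return {
        "weak_collisions": reuse_visible_in_dump(weak),
        "strong_collisions": reuse_visible_in_dump(strong),
    }

if __name__ == "__main__":
    print(demo())
    salt_hex, hash_hex = store_password("Winter2012!")
    print("login ok:", verify_password("Winter2012!", salt_hex, hash_hex))
```

The salted scheme does not make a weak password strong, but it does mean that reuse is no longer visible just by sorting the dump, and that each guess against each account costs the attacker the full PBKDF2 work rather than one MD5 call.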

Anecdote

I recall a time while working at a prestigious investment bank as a lowly intern…

One morning, an hour before work, I sat at my home office combing through my Leviathan of a news feed. I saw that the hackers were boasting about LinkedIn pwnage, and I saw that a couple of the cyber security guys and media outlets were beginning to disseminate news that 6 million plus UNs and PWs had been dumped onto the open web.

I thought it was interesting that LinkedIn was the only social network that the bank allowed. I assuredly thought that the leak of 6 million UNs and PWs might put some in the company in a fix, if malicious actions were taken.

When I arrived at the office I checked my email, and I saw nothing about LinkedIn. Not from HQ, nor from branch brass. Interesting, as the news had been out for a while by then. (Minutes ago is years ago in internet news time.)

I started asking those who sat close to my desk if anybody knew anything about it. Nope. Nobody had heard anything about it. I emailed our regulator lady who makes sure we all stay within the bounds of the company and the law, as her job is to protect the bank. She is also responsible for taking down our social networking information for the company record. She knew nothing about the dump either. I asked our office-appointed computer expert about it and he didn’t know anything at this point. The regulator lady sent me another message that said HQ didn’t know anything either.

“How the -f- is the intern better informed”, I thought to myself.

Not much time later, a couple of minutes (years in internet time), I got the mass email about LinkedIn being pwnd. I thought to myself: did I have anything to do with that mass email being sent? Maybe, maybe not. Maybe somebody on the East Coast picked up on it too? But what if I did? How long would the UNs and PWs have been ripe for the plucking without acknowledgement from the company? Could any of those UNs and PWs be used to access any part of the protected network? I wouldn’t doubt it, judging by the facial expressions after a quick brief on password security. I’m telling you, it was bad. I used to see active RSA key fobs lying out on desks, left by people who had been away from their work areas for extended periods of time. A no-no for a company with over $230B in assets.

Conclusion

Acknowledgement

This message was brought to you by a fear in me that has been struck by Winn Schwartau’s ‘I told you so’ speeches.


I really wrote this because I am a James Bond fan, and I don’t think he needed to write scripts in the first place. 😛
