AMITIAE - Saturday 27 December 2014

Cassandra: Recent Security Lapses - The Bleak Present and a Dark Future

apple and chopsticks


By Graham K. Rogers


In recent months there have been several examples of security weaknesses, with the Sony break-in being just the tip of a rather large iceberg. The perpetrators are not known, although the FBI and much of official America, has blamed North Korea (DPRK), who were clearly not happy having their Leader lampooned in a movie intended for general release.

Top politicians never like to be made fun of, but it goes with the job. Some of course do not help the cause by trying to humiliate the media: this often backfires, particularly these days with the instant access and comment that social networks allow.

Sony have not won many friends, despite the belated release of the movie that many movie houses had apparently declined to show, because of a stated fear of the GOP - not the Republicans as I mistakenly thought when I first saw this - the Guardians of Peace: a title that smacks of Orwell.

When the movie was finally put out, via YouTube and countless other sources, there was much criticism of Apple because they declined to allow the movie to be transmitted using iTunes, but no one seemed to notice that Sony failed to use its own channels.

That hardly mattered as the next morning, the Sony PlayStation store system and the Microsoft Xbox Live network were both out for the count having been hacked, this time by a group calling itself Lizard Squad (BBC TechOnline).


These problems for Sony and Microsoft have received the most publicity - hell hath no fury than a gamer spurned - but this is only a small part of a problem that is in itself a growth industry, for example we were told earlier in the year by Hamish Barwick (PC Advisor) there were some 1361 data breaches in the first calendar quarter of 2014 and the rot did not stop.

Indeed, the problems increased to such an extent that although the Sony breach has had the most publicity (DPRK, FBI, OBAMA will all garner hits), they did not even figure in the Top 10, Cammy Harbison writes on iDigital Times.

The list starts with a massive 145,000,000 in May for Ebay, 76,000,000 for J.P Morgan Chase in August and 56,000,000 for The Home Depot in September. Many of the organisations listed are health systems and universities, as well as the US Postal Service and the US Veterans association. A more wide-ranging graphic of significant breaches since 2005 is available from Information is Beautiful. The site, Krebs on Security details a number of problems that have come to light in recent times, including ATM problems.

Bleak Users in Thailand will be aware that most of the ATMs, on which many of us rely so much, are run using the out of date Windows XP operating system. This version of Windows was officially retired this year by Microsoft and will therefore not be supported further: updates or security. With the number of installations in Asia the potential for serious breaches should be of great concern.

Looking through the main page for Krebs on Security I was struck by the number of times it was reported that card data was targeted. There are scores of tales of those here who have found their credit card bills inflated, and when they check back discover the problem started when the card went out of sight at a restaurant, clothes store or market stall.

It is also worth remembering such data breaches as the one that affected data of some 70 million Target customers late in 2013, with Niemann Marcus also suffering a similar problem around the same time.

I cannot buy anything from Apple these days without having to enter short-term codes sent to my phone via SMS, and when the purchase has been made, the credit card company sends another message to let me know: at least I am aware of what is being bought in my name.

There are a couple of points that may be considered:


  • The breaches that have occurred, particularly in the last year or so, are not exceptions, but the new norm. This is despite the concern with which users are persuaded to enter secure passwords along with their personal information; but that data is the very substance that is stolen by whoever may be responsible.

    Despite the warnings that the owners of such sites give, they fail properly to secure their own systems and in some cases sites have been running on software that has not been updated, while using the default passwords that were used when the system was installed.

  • Even with the warnings from experts, commentators, pundits, security personnel, many users just will not use passwords that are safe. Whether this is from laziness, unwillingness to commit to the effort needed when using a password with random characters, or simple inertia, the result is the same: most password protection, does not protect.

It might be worth the effort of those who work in security to recognise that the current safeguards are not enough protection and that while new forms of security should be developed (and users encouraged to use them), there is a need for innovation in the ways in which user data could be protected.

Bio-metric systems, already available in a number of systems and devices, would appear to be a first step. Apart from high-level security systems (e.g military or research), there is little such protection for ordinary users. The deployment on hand-held devices is limited to fingerprint identification so far, but there is room for stronger protection for home users, offices and for devices used in the credit card chain.

Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.



Made on Mac

For further information, e-mail to

information Tag information Tag

Back to eXtensions
Back to Home Page

All content copyright © G. K. Rogers 2014