AMITIAE - Saturday 27 December 2014
Cassandra: Recent Security Lapses - The Bleak Present and a Dark Future
By Graham K. Rogers
Sony have not won many friends, despite the belated release of the movie that many movie houses had apparently declined to show, because of a stated fear of the GOP - not the Republicans as I mistakenly thought when I first saw this - the Guardians of Peace: a title that smacks of Orwell.
When the movie was finally put out, via YouTube and countless other sources, there was much criticism of Apple because they declined to allow the movie to be transmitted using iTunes, but no one seemed to notice that Sony failed to use its own channels.
That hardly mattered as the next morning, the Sony PlayStation store system and the Microsoft Xbox Live network were both out for the count having been hacked, this time by a group calling itself Lizard Squad (BBC TechOnline).
Indeed, the problems increased to such an extent that although the Sony breach has had the most publicity (DPRK, FBI, OBAMA will all garner hits), they did not even figure in the Top 10, Cammy Harbison writes on iDigital Times.
The list starts with a massive 145,000,000 in May for Ebay, 76,000,000 for J.P Morgan Chase in August and 56,000,000 for The Home Depot in September. Many of the organisations listed are health systems and universities, as well as the US Postal Service and the US Veterans association. A more wide-ranging graphic of significant breaches since 2005 is available from Information is Beautiful. The site, Krebs on Security details a number of problems that have come to light in recent times, including ATM problems.
Users in Thailand will be aware that most of the ATMs, on which many of us rely so much, are run using the out of date Windows XP operating system. This version of Windows was officially retired this year by Microsoft and will therefore not be supported further: updates or security. With the number of installations in Asia the potential for serious breaches should be of great concern.
It is also worth remembering such data breaches as the one that affected data of some 70 million Target customers late in 2013, with Niemann Marcus also suffering a similar problem around the same time.
I cannot buy anything from Apple these days without having to enter short-term codes sent to my phone via SMS, and when the purchase has been made, the credit card company sends another message to let me know: at least I am aware of what is being bought in my name.
Bio-metric systems, already available in a number of systems and devices, would appear to be a first step. Apart from high-level security systems (e.g military or research), there is little such protection for ordinary users. The deployment on hand-held devices is limited to fingerprint identification so far, but there is room for stronger protection for home users, offices and for devices used in the credit card chain.
Graham K. Rogers teaches at the Faculty of Engineering, Mahidol University in Thailand where he is also Assistant Dean. He wrote in the Bangkok Post, Database supplement on IT subjects. For the last seven years of Database he wrote a column on Apple and Macs. He is now continuing that in the Bangkok Post supplement, Life.
For further information, e-mail to