The Age of Aquarius it isn’t but the Decade of Digital Detritus it is!
There are times when I wish it were the other way around. I have lived through a number of history making “ages” but none have grown as rapidly in capacity or complexity as this new wonder. As always the intent was to benefit mankind at large but, as in all good plays, it becomes a battle between good and evil.
At this very moment it appears that evil has overwhelmed the just.
The world is experiencing an unprecedented wave of digital ram raids with even names like Google, BBC, NBC and swag of others being targeted. Facebook, Twitter and the like had hundreds of thousands of user files compromised or some tens of million dollars emptied from bank and credit card accounts.
These raids are increasing at pace and are happening so alarmingly right here in our back yard. Even our own ABC has recently been breached resulting in the personal data of almost 50,000 users being leaked.
Over the last few weeks I have been inundated with warnings from security organisations about the total lack of security of private data, be it on my computer or in the cloud. Worryingly, encryption is also no longer a trusted barrier to unauthorised access. Everybody is fallible including the likes of Apple, Microsoft, the FBI banks and even the likes of Visa. Social media was a spectacular target with Facebook and Twitter running into the hundreds of thousands. Then there was Zappos.com with 24 million customers affected. The social security numbers of 3.6 million of South Carolinians, as well as credit and debit card information for hundreds of thousands of people when their taxpayer server was compromised. The list just goes on.
Proof of this threat arrived in a very real form when Evernote advised me and some 50 million others to reset my password as their system had been compromised. For those of you not quite so familiar with the digital world, Evernote is a cloud-based system that provides free, for private use, storage for your ideas, things you like, things you hear, and things you see. Evernote works with nearly every computer, phone and mobile device out there and can be search by keyword, tag or even printed and handwritten text inside images. Security is provided by SSL but it does encrypted files that only you, the key holder, can access.
Or so we thought! That is until I was made aware of a $300 piece of software that is able to de-crypt anything that has been encrypted by all currently popular methods.
This may possibly be an attempt by our shady friends to turn an honest dollar by making their software legitimately available. No matter what the reality may be, it is a clear proof that what was considered safe just a short time ago is no longer so. This software does not even need to know passwords. No matter how long or complex these may be they are ignored and the data segments are attacked, analysed and exposed.
As I have previous described in this column, from a security perspective, users tend to be good at blocking access to their computers through the main entryway, but they tend to do less well blocking other entries. Take a house for example. You lock the front door but nothing stops somebody breaking in the back door. Bingo, they can then go into every room of your house. Users have to think about closing all the doors around the house and also put a dead lock on every door in their house.
To refresh your memories your computer has 6000 such metaphorical doors. Some are open for email while others are open for Internet access. These we hope are watched over by our antivirus and firewall systems. But what about the rest?
One of the best first self help resources I know is Gibson Research. Just head for Steve Gibson’s Shields Up at www.grc.com and run your own test.
Most of the problems appear to have been created by Java. This proprietary code is ubiquitous and used by an incredible number of programs and devices. Yes, even your mobile phone can not operate without it.
Until about a week ago the answer was to disable this feature where ever one could with particular emphasis on web browsers. The author, Oracle, has since issued a string of patches but even as I write another breach has been detected with another update due.
Apple who have until recently crowed that their systems were hack proof have just released version 6.1 of iOS, patching 27 security flaws in their mobile operating system. By default this updates uninstalls the Java plug-in from the web browser. Users wishing to continue using Java plug-ins should download the latest versions from Oracle.
Do you have Java? You can check to see if you have Java on your computer by visiting http://java.com and clicking “Do I have Java?” If you want to check your systems just view Oracle’s advice on how to disable Java and Oracle’s FAQs about Java on Macs if you use Apple Macs.
I can well imagine you saying all this is very good but I’m only small fry so why would anybody want to hack into any of my systems. If you run a payroll or trust account you are a great source of information needed for identity theft. The last number I heard about this little gem is that it is worth in excess of $80 billion these days.
You may do like me and some 10 million others and run a nifty app that tracks all your exercise activities. It is called Endomondo and measures calorie burnt, metabolic rates and even plots your route on Google Maps whilst you walk, cycle or run. Mine plots my wanderings when I walk my dog. If I got hold of a suburbs worth of data I could set up a great Fagan and Oliver Twist like enterprise and burgle houses at will as Endomondo would supply enough real time data to make it a cinch.
I do use industrial strength AV and firewall software and I do not publish my passwords and sensitive data in the cloud. All these stay on my computers and on my in house backup systems. I do use cloud storage because of its enormous convenience but only upload inconsequential files that I may need to access from remote places or share with people I trust. And yes, Endomondo is now uninstalled.
It may all sound pretty boring until you become the victim and then it is too late.
For those younger folk wondering about the headline, The Ink Spots were a vocal group in the 1930s and 1940s that disbanded in 1954. One of their hit songs was the Java Jive – Ed.