Many of you may have seen the recent announcement about a Russian hacking group amassing over a billion internet passwords from internet-facing applications. If you haven't, here's a link to the recent New York Times article
This hasn't generated a tsunami of chatter just yet, but I am certain that many of you will have, or face, questions. Based upon what little we know right now, here are some random thoughts and opinions.
- When In Doubt, Change Your Passwords. Seems simple enough, but many people still do not do this with regularity. Worse, many people use the same weak password for multiple accounts. Changing your password to a strong, complex password that you haven't used elsewhere will eliminate the threat of compromised passwords. Corporately, enforcement of password policies regarding complexity and periodicity of change will have the same positive impact.
- The Announcement Timing Is Suspect. Hold Security (the company that announced this finding) may be doing this for publicity. Less than scrupulous security firms have often kickstarted their initiatives with a huge announcement like this as an entry into gaining traction in the market. Add to that the fact that the Black Hat and DEF CON security conferences are currently underway, and my suspicions only deepen. Indeed, Forbes announced this morning that Hold is now offering a service "for as low as $120" to help you determine whether your password is on the list.
- We Don't Know The Important Stuff. Yet. Until we have more data (who/what/when/where/why) about this announcement, there's little anyone can do corporately or organizationally to protect themselves beyond changing passwords. Indeed, as currently crafted, this is little more than a "the sky is falling" announcement. What would be more interesting is an understanding of which servers in which corporate entities were compromised to get this data. If Hold Security chooses to release that information (and early indications are that they will not), then the impacted organizations will come under increased scrutiny, and that may trigger a need for security professionals to reassess their overall protection profiles.
My two cents...
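The two practical points above, enforce a complexity policy and check whether a password is on a leaked list without handing the password to a third party, can be demonstrated in a few dozen lines. The following is an added example written for this post, not code from the post's author or from Hold Security. The "leaked" list is a constructed set of SHA-1 digests of a few obviously weak passwords; the length and character-class thresholds, the PBKDF2 iteration count, and the prefix-only lookup (the k-anonymity style check, which the post does not describe) are all assumptions made here for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed breach corpus for this example: SHA-1 digests of a few weak
# passwords, the way a leaked-credential list is often circulated.
# Made up here; not Hold Security's list or any real dataset.
LEAKED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password", "123456", "letmein", "qwerty")
}

PBKDF2_ITERATIONS = 100_000  # assumed value for the password-history store
MIN_LENGTH = 12              # assumed policy threshold
MIN_CLASSES = 3              # assumed: of lower, upper, digit, symbol


def leaked_suffixes_for_prefix(prefix5: str) -> set[str]:
    """Return the suffixes (hex chars 6..40) of every leaked hash sharing the
    5-char prefix. Serving only prefix matches is the k-anonymity style lookup:
    the caller never sends the full hash, let alone the password itself."""
    return {h[5:] for h in LEAKED_SHA1 if h.startswith(prefix5)}


def is_leaked(password: str) -> bool:
    """Client side of the check: hash locally, ask for the prefix bucket,
    and compare suffixes at home."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in leaked_suffixes_for_prefix(digest[:5])


def history_entry(password: str) -> tuple[bytes, bytes]:
    """Salted PBKDF2 hash to store, so old passwords are never kept in clear."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )


def is_reused(password: str, history) -> bool:
    """True if the candidate matches any previously stored (salt, hash) pair."""
    for salt, stored in history:
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, PBKDF2_ITERATIONS
        )
        if hmac.compare_digest(candidate, stored):
            return True
    return False


def check_password(password: str, history=()) -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} character classes")
    if is_leaked(password):
        problems.append("appears in a known breach list")
    if is_reused(password, history):
        problems.append("was used before on this account")
    return problems


if __name__ == "__main__":
    previous = [history_entry("Correct-Horse-Battery-9")]
    for pw in ("password", "Correct-Horse-Battery-9", "Staple-Unique-Phrase-42"):
        print(pw, "->", check_password(pw, previous) or "ok")
```

The reuse check stores only salted, stretched hashes of earlier passwords, so the history file is not itself a second credential dump if it leaks. The breach lookup deliberately reveals only the first five hex characters of a SHA-1 digest, which is the property you would want from any "is my password on the list" service before paying for it.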