TR Editors' blog

Setting Traps, and Other Internet Security Tips

In the wake of cyberattacks on JPMorgan and other sophisticated companies, a computer security expert offers advice to those of us with far fewer resources.

Jeremiah Grossman 31/10/2014

After massive data breaches that affect tens of millions of people, like the recent cyberattacks on JPMorgan Chase and other major banks, I’m commonly asked: “What can average people do to protect themselves?” As a computer security expert, my professional advice is: use hard-to-guess passwords, keep your computer software up-to-date, encrypt your data, and save your backups. But I could have offered the same advice in 2004. The attacks we see in 2014 are so sophisticated that taking just the steps I mentioned isn’t really going to help you all that much. The honest 2014 answer is: Go outside, raise your hands in the air, and run around in circles screaming.

I am not entirely kidding.

Given the aforementioned breaches and those at major retailers like Target, Home Depot, Kmart, Staples, and so many others, chances are good that you, along with every other consumer, have had your personal information fall into the hands of undesirable people: a credit card number stolen, an online account taken over, and more.

The cold truth is that the JPMorgan breach and the rest are not symptomatic of anything new—online businesses have been under constant cyberattack for well over a decade. What’s different today is that there is a lot more at stake because so much of what we do every day is online.

Here is what I recommend: use two-factor authentication—essentially verifying via SMS on your mobile phone that you are the owner of a particular account online, every time you sign on. Google, Facebook, Twitter, and just about every major bank provides this option. Also, since everyone gets hacked online eventually, make sure the damage is limited. Nothing is more annoying to a hacker than cracking an account only to find nothing worth stealing. Remove any unnecessary personal data from the cloud, such as archived pictures, e-mail, Twitter, and Facebook messages, and so on.

If you own or operate a business online, what might be most alarming is that very large companies with seemingly unlimited budgets, like JPMorgan, are still being attacked. And as that breach showed, companies often do not know they have been hit, which expands the window of time in which criminals can cause damage.

So you should assume a compromise will happen eventually, and then design a system where your team is the first to know, rather than the last. One way to do this is to place special records in your databases that are meant to never be read, accounts that should never be logged into, files that should never be touched, and so on. These serve as tripwires—the moment someone accesses these items, you know something bad is happening, and you can take databases offline and call for help.
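The tripwire idea above can be sketched as a small detector that watches audit events for any touch of a decoy record, account, or file. This is an added example, not part of the original article; the key=value log format, decoy names, and addresses are all constructed for illustration.

```python
import posixpath
import shlex

# Constructed decoys: nothing legitimate should ever touch these.
TRIPWIRES = {
    "db_row": {("customers", "900001")},           # canary record (table, primary key)
    "account": {"svc-backup-old"},                 # account nobody logs into
    "file": {"/srv/finance/passwords-2014.xlsx"},  # file nobody opens
}

# Constructed audit events in a hypothetical key=value format.
SAMPLE_LOG = """\
ts=2014-10-31T09:00:02Z kind=db_read table=customers pk=1042 src=10.0.4.17 user=webapp
ts=2014-10-31T09:00:05Z kind=login account=alice result=ok src=10.0.9.3
ts=2014-10-31T09:14:41Z kind=db_read table=customers pk=900001 src=10.0.4.17 user=webapp
ts=2014-10-31T09:15:10Z kind=login account=SVC-BACKUP-OLD result=fail src=10.0.4.17
ts=2014-10-31T09:16:30Z kind=file_open path=/srv/finance/../finance/passwords-2014.xlsx src=10.0.4.17
this line is malformed and is skipped
"""

def parse_event(line):
    """Split one key=value line into a dict; return None if it has no 'kind' field."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    return fields if "kind" in fields else None

def tripwire_hit(ev):
    """Return a description of the decoy an event touched, else None."""
    if ev["kind"] == "db_read" and (ev.get("table"), ev.get("pk")) in TRIPWIRES["db_row"]:
        return f"canary record {ev['table']}#{ev['pk']} read"
    # Any attempt counts, success or failure; account names compare case-insensitively.
    if ev["kind"] == "login" and ev.get("account", "").lower() in TRIPWIRES["account"]:
        return f"decoy account {ev['account'].lower()} login ({ev.get('result')})"
    # Normalise the path so a ../ detour still matches the decoy.
    if ev["kind"] == "file_open" and posixpath.normpath(ev.get("path", "")) in TRIPWIRES["file"]:
        return f"decoy file {posixpath.normpath(ev['path'])} opened"
    return None

def scan(log_text):
    """Return alerts as (timestamp, source, description) tuples, in log order."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        hit = tripwire_hit(ev) if ev else None
        if hit:
            alerts.append((ev.get("ts"), ev.get("src"), hit))
    return alerts

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Because decoys have no legitimate users, every alert here is worth paging on; the two benign events and the malformed line produce nothing.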

We need to rethink how we approach Internet security. Too often security investments are made in technologies like antivirus software or network firewalls that will do next to nothing to stop a Web-based attack. In most breaches, hackers are attacking Web-based applications—so we need to find and fix those vulnerabilities before the bad guys exploit them. They’re in it for the money, so your goal is to make any attack harder, and thus more costly—in which case they’ll slow down or shift to new targets. Then the rest of us will have less reason to run around screaming with our hands in the air.

Jeremiah Grossman is the founder and interim CEO of WhiteHat Security and former information security officer at Yahoo.

Seven Must-Read Stories (Week Ending November 1, 2014)

Another chance to catch the most interesting, and important, articles from the previous week on MIT Technology Review.

MIT Technology Review 31/10/2014

  1. Alert! Websites Will Soon Start Pushing App-Style Notifications
    A new feature of most browsers will let them issue alerts through a PC or mobile operating system.
  2. Your Retirement May Include a Robot Helper
    As industrial robots become more capable, they could start helping out around the home.
  3. A Credit Card Terminal That Takes Apps
    A former head of Google Wallet rolls out a “smart” terminal for all kinds of payments.
  4. Will a Breakthrough Solar Technology See the Light of Day?
    A startup that might have a record-breaking solar cell is in danger of going out of business.
  5. Materials Trick Might Help Move Computers Beyond Silicon
    Ferroelectric materials could take computing beyond digital logic.
  6. Google’s Secretive DeepMind Startup Unveils a “Neural Turing Machine”
    DeepMind has built a neural network that can access an external memory like a conventional Turing machine. The result is a computer that mimics the short-term memory of the human brain.
  7. Computers Could Talk Themselves into Giving Up Secrets
    Malware might use a voice synthesizer to bypass some security controllers, researchers say.

Recommended from Around the Web (Week Ending November 1, 2014)

A roundup of the most interesting stories from other sites, collected by the staff at MIT Technology Review.

MIT TR Editors 30/10/2014

Two Years After Hurricane Sandy, a Reminder of What Utilities Faced as the Storm Approached
A look at why the storm's devastation was so hard to predict, and for utilities to prepare for.
Kevin Bullis, senior editor, materials

The Search for the Anti-Facebook
Interesting take on why all Facebook rivals are doomed to fail.
Timothy Maher, managing editor

Mood and Magnetic Stimulation
McLean Hospital reveals a hopeful alternative and/or positive addition to depression drug therapy.
—J. Juniper Friedman, associate Web producer

Ed Snowden Taught Me to Smuggle Secrets Past Incredible Danger. Now I Teach You.
This account of what leaker Edward Snowden had to do to communicate with documentary journalist Laura Poitras suggests that encryption software could do with a redesign. Glenn Greenwald nearly missed out on the scoop because he couldn't be bothered to learn to use it.
Tom Simonite, San Francisco bureau chief

William Gibson Interview: Time Travel, Virtual Reality, and His New Book
Sci-fi author William Gibson on predicting the future and the trouble with time travel: "Things have occurred to me in the course of writing science fiction that I put into the story and then went back and removed because I didn't want anyone to do it."
—Tom Simonite

It’s Game Over for ‘Gamers’
A victim of “Gamergate” argues it won’t succeed because games have become bigger than the hard-core gaming crowd.
—Nanette Byrnes, senior editor, Business Reports

In Search of Uber's Unicorn
This Slate story offers a good look at what Uber drivers may really be making vs. what the company claims they tend to make.
Rachel Metz, senior editor, mobile

The Existential Crisis of Public Life Online
On Gamergate and the "falseness" of a lot of social-media discourse.
Brian Bergstein, deputy editor

Verizon Is Scared of the Truth
This gamely written analysis of Verizon's new tech pub, Sugarstring, can be summed up in five words: "Verizon is laughing at you."
—Kyanna Sutton, senior Web producer


