Thursday, October 18, 2012

Passwords, computers, and . . . pacemakers?

There have been a couple of interesting articles about computer and electronic security over the past few days.

The Telegraph has a useful article about password security.  A brief excerpt:

In 2009, a minor gaming website called was hacked; although you've probably never heard of the site, the hack has probably affected you or someone you know. Almost every genuine hack over the last three years can be traced back to the Rockyou leak.

The reason it was so significant is it totally changed the way hackers do business. Before Rockyou, hackers had to build word lists of potential passwords using traditional dictionaries; the 14 million or so Rockyou passwords provided an instant database showing how people actually construct their passwords.

. . .

The Rockyou leak started a chain reaction; a huge number of sites have been hacked since, releasing even more password data. Equally, technology has advanced enormously. The sort of PC you can buy in Currys can attempt 8.2 million password combinations per second. Cryptographic feats that were the stuff of legend in the Second World War could be done on your iPhone; the sort of 16-digit passcodes thought uncrackable during the Cold War are now within the reach of cracking by skilled hackers with low budgets. Goodness only knows what state-sponsored outfits in the US or China can do.

There's more at the link.  The author of the article refers to this well-known XKCD cartoon strip, which inspired a programmer to put online a random password generator that's not a bad idea at all.  Useful for lower-level security requirements.

Next, Borepatch links to a very worrying article describing how hackers could potentially gain control of implanted pacemakers and defibrillators, causing them to deliver electric shocks sufficient to disrupt normal heart activity and perhaps cause serious illness, even death.  It seems the makers of these devices built remote access in to them, for ease of maintenance . . . but included little or no security protection, because they probably never thought it would be necessary.  When you consider that not a few of our political leaders (perhaps most famously Dick Cheney) have used or currently use such devices, it's not difficult to imagine how a terrorist might be eager to exploit this vulnerability.

Moral of the story:  make yourself and your electronic environment as secure as possible!


No comments: