We now live in a digital world where technology makes the world go round. At home, we try to automate as much as we can so we free ourselves from the hassle of doing manual labor leaving us with more time to pursue our interests. The same thing applies to work where tech gadgets dominate the workspace. It is not uncommon today to receive work-related emails even in the wee hours of the morning because that is now the norm.
Almost everyone also owns a smartphone or two aside from possibly owning a tablet and a personal computer/ laptop. The number of gadgets in our lives put our important data and files at risk of data loss or hacking. We should value the importance of cyber security because not only we own all these tech devices but because we also use them to connect to the World Wide Web every day.
We all know that what we mean by hacker around here and what the world at large thinks of as a hacker are often two different things. But as our systems get more and more connected to each other and the public Internet, you can’t afford to ignore the other hackers — the black-hats and the criminals. Even if you think your data isn’t valuable, sometimes your computing resources are, as evidenced by the recent attack launched from unprotected cameras connected to the Internet.
As [Elliot Williams] reported earlier, Trustwave (a cybersecurity company) recently announced they had found a backdoor in some Chinese voice over IP gateways. Apparently, they left themselves an undocumented root password on the device and — to make things worse — they use a proprietary challenge/response system for passwords that is insufficiently secure. Our point isn’t really about this particular device, but if you are interested in the details of the algorithm, there is a tool on GitHub, created by [JacobMisirian] using the Trustwave data. Our interest is in the practice of leaving intentional backdoors in products. A backdoor like this — once discovered — could be used by anyone else, not just the company that put it there.
And we continue to experience computing issues as the days go by. At times, such problems can cripple the entire system of major businesses and affect thousands to millions of people using it.
It’s been a rough couple of weeks for the internet. First, Google researchers revealed a serious vulnerability that was causing private data to be leaked from some websites supported by Cloudflare. Then, other Google researchers announced that they had broken the popular encryption algorithm SHA-1. Finally, just when you thought your faith in the internet couldn’t sink any lower, an Amazon data center in Virginia started having problems Tuesday, causing major outages for a number of sites that rely on the company’s popular Amazon Web Services infrastructure.
At this point, we practically expect that whatever personal information we enter into websites will be stolen. But this is different. These incidents point to weaknesses in some of the most ubiquitous and trusted brands (and algorithms) in technology—thousands of organizations and millions of people rely on Cloudflare, Amazon Web Services, and SHA-1 every day. And, in fact, part of the point and promise of using cloud computing services, like Amazon Web Services, is to ease the burden for every individual company owner and website operator.
As the popularity of cloud computing increases so is the possibility of experiencing problems with it that can affect everyone else relying on that single server for storage and security among others and opened up another round of debate regarding the Internet that will likely have no end.
On the whole, from a security and reliability standpoint, this is usually a good thing. Amazon, like most other major cloud providers, has invested in both resources and very talented security engineers to ensure that its infrastructure is well protected and resilient. Without a doubt, it does a better job at providing security than most of their customers would be able to do on their own.
But nobody’s perfect, and when you’ve got thousands of customers all relying on a single service provider and something does go wrong, it’s no longer a small isolated incident. Instead, it’s huge swaths of the internet suddenly becoming inaccessible, as they did on Tuesday.
In the wake of that outage, some people were quick to point out that the internet was deliberately designed to be decentralized specifically so it would not have single points of failure that could take out huge parts of the network. Centralizing everyone’s computing in the massive data centers of the major cloud service providers means that those companies do, indeed, become single points of failure. Very secure, reliable single points of failure, for the most part, but certainly not infallible ones.
Cybersecurity remains to be a big issue for many mainly because of the catastrophic implications once important and sensitive data get into the wrong hands. We rely heavily on the Internet and on technology in almost every aspect of our modern society. Chaos and mass hysteria may happen if something goes wrong and precious data on the web or on your gadget is compromised.
While many blame the government for some of these security issues, hackers are also to blame as they become more adept and skilled in hacking complex systems and bypassing cyber security measures enforced by the government and server companies.
Protect your gadget and data as an ordinary citizen. Arm your gadgets with antivirus or firewall for protection from malware and viruses. Never visit questionable sites or risk introducing harm to your system. And as for the rest, we can only cross our finger and hope that our data remains secure right where they are now.