With the recent news coming out on an arrest of a teen involved with the hacking group Lulzsec, I sense a bit of hysteria coming from the general public about their personal information being stolen or published on the internet for all to see.
Lulzsec and data storage
For now it seems that the rumour circulating before the arrest, that Lulzsec had stolen the 2011 British census data, is false. The group themselves have confirmed that they do not have this data and never did, but it does raise a few questions about how our data is stored online.
After the Sony group’s servers were hacked this year (their stock consequently dropped by over 2.08 billion dollars – Lulzsec claimed responsibility for the hack which took them offline), it was revealed that the passwords were stored in the database as plain text. Now as a programmer I have to tell you, this is unheard of in the real world. You just never, ever, would store a password as plain text; it’s a matter of course to encrypt passwords stored in this way. Quite honestly I’m still absolutely shocked at that kind of unprofessionalism from a company that, you would imagine, has all the resources in the world at its fingertips. Yet a 10 year old with basic programming knowledge would do a better job of storing data than a multinational conglomerate!
If Sony can’t encrypt your password…?
From what we know, if a company the size of Sony cannot store your password in a safe/encrypted fashion, imagine how many others are doing the same thing. You need to operate as if your data is NEVER safe for any accounts you hold online.
Taking online security into your own hands
- Never use the same password for any two online accounts. You should have a different password for every online account you have. That way, if someone does get their hands on, let’s say, your Facebook password, they can’t go and use that same password to access your PayPal account.
- Use secure passwords. I know they can be a pain when you can’t remember what they are, but instead of choosing something easy to remember, choose something secure. Every web site will have a ‘forgot password’ form, so if you do delete cookies and don’t have it written anywhere, just use that.
- Speaking of cookies, delete them frequently; it’s just good practice!
- Change your passwords frequently also, to equally secure ones each time.
- A massive part of identity theft involves someone getting their hands on a bill in your name. Always make sure your post is secure, or if you don’t know the people you live with, have it delivered elsewhere more securely. Always shred any paper with your name and address on it before throwing it out.
- If you pay for something using your credit card, you will see on a lot of web sites now ‘remember my credit card details for the next time’. Don’t ever select this option; type in credit card numbers fresh every time. And if you don’t know the web site, at least go through PayPal instead so that you are not giving your credit card number to that unknown person. Of course your PayPal account could still be hacked, but at least you’re not handing over your number voluntarily to a criminal web site. (Some web sites are specifically set up for this purpose: once they get enough credit cards they go offline, and you not only never see the product you purchased, but they have also had your credit card number for that length of time.)
- Give a fake date of birth every time a web site insists on one. I always feel quite affronted to see this for regular forum accounts or the like; they do NOT need to know or store this information for basic accounts. (Or any account really!)
- Also give a fake or very short (just the city) address on any web site that insists on one. Unless it’s for delivery purposes, they don’t need to know that information.
- Do you use your real name on Facebook? You can put a fake surname very easily even on an existing account, and you should; Facebook leaks data everywhere. You can tell friends you meet what name to search for you with.
- Never, EVER respond to an email prompting you to log in to a web site using their provided link, even when it comes from a trusted supplier’s email address. Go to your browser and type in the web address manually.
General browsing security
I use Firefox for web browsing, and there’s a plugin called ‘Scriptblocker’ that protects you against anyone intercepting you while web browsing. You can choose what you will and won’t allow, so you might allow scripts to run from the domain you’re on, but block external ones such as ‘doubleclick’. Some scripts install tracking on your computer so that as you browse pages, their code reports back on your browsing habits. They can collect crazy amounts of data on you: your sex, your location, what you purchase online, your favourite web pages, etc. This information is then sold on to various companies as a commodity without you seeing one dime. I like to block this kind of stuff when possible!
You are never fully protected
Unfortunately, even if you do all of this, you’re never really safe. Whether it’s a government web site storing your census in an insecure database or an online bank being logged into from a computer with a key-tracking virus, there are always ways to steal data. We have card-skimming, we have fraudulent web sites taking login details and re-directing you to the correct site before you know what happened, and you have companies storing passwords as plain text. You have people that go through rubbish to find a bill in your name that they can use, and you have people with fake driving licences and fake passports. In my opinion, you can’t worry about all of it. Criminals exist and we can’t do anything about that; all you can do is at least make it harder for them and be smart. The best way to be smart is to presume your data is never safe, delete it where possible, and change things frequently, including your passwords and even your credit card number from time to time!