Dell Software Exec: Strong Password Would Not Have Stopped Latest Hack
ADOTAS — In response to Today’s Burning Question about reports of the latest major cyberattack, Bill Evans (pictured below), Sr. Director of Product Marketing at Dell Software, offered the following reaction.
- The attack was perpetrated with a start date of October 21 – a bit over a month ago. Whoever did this did it in about 6 weeks. That’s 333,333 accounts per week, more than 47,000 accounts per day, about 2,000 accounts per hour or about 33 accounts per minute. That’s an account every 2 seconds.
- No one is sure if the perpetrators will be caught. Because of the way these accounts were collected, tracing the owner of the information will be challenging to say the least.
- The account types that were collected include Facebook, Yahoo, Google and ADP. While certainly disconcerting, a compromised Facebook account is probably not all that bad…unless. Unless you also happen to use your Facebook credentials for other sites like retail sites where you might buy clothes. Now these guys can access perhaps stored credit card data. The other site that was targeted was ADP. ADP is where many employees go to view their pay stubs when they are paid by direct deposit. From what I understand, all of these vendors have already taken steps to address this issue, which is to be applauded.
- And perhaps most disconcerting is how this act was executed. Essentially, a bit of malicious code (malware) was placed on the target computers. It sat there waiting for the user to type in their credentials (user id and password) and it basically made a copy and sent it to the perpetrator of this attack.
Here’s the real problem, though: You oftentimes hear security organizations speak about “strong passwords.” Based on this type of attack, even having a strong password would not be sufficient. The malware was just making a copy of the password as it was being typed and sending it along. This type of attack would have been as successful with a password of “12345” as it would with a password of “Q67hfb%oo98G^5” (and no, that’s not my password).
So, what’s a user to do? There are several steps everyone must take to avoid this and many other security attacks.
- Strong passwords: Okay, I said it. It wouldn’t help here, but they do help.
- Unique passwords: Don’t use the same password for every account. Attackers know people do this so once they have one password, they will visit other sites and just try the same or a variation of the known password. I know you reuse passwords. You shouldn’t.
- Consider unique accounts: Many sites give you the option of creating an account using your “social media” credentials, which is easy, or creating a unique account for their site. Do the latter. It might be a hassle, but it’s easier than dealing with the fallout of a compromised account.
- Consider vendors that offer multi-factor authentication (and this goes for site owners as well): We already discussed that you shouldn’t use the same password for Facebook as you do for your bank account. Beyond that, however, ask your bank or do your banking with a company that can offer you “multi-factor authentication.” This might be a keyfob that gives you a second password (or PIN) that must be entered in addition to your password. In this authentication scenario, even if the bad guy has your password, he still can’t access your account because he doesn’t have your second “one time password.”
- Keep your virus protection installed, operational and up to date. It’s unclear as to whether the infected computers had virus protection, but better safe than sorry.
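
The multi-factor scenario described above, as an added example that is not from the article or from Dell: a site checks the password plus a time-based one-time code (RFC 6238 TOTP, assumed here as the keyfob's algorithm), so a password and code copied at login are rejected when replayed. The `Account` class, salt and secret are constructed for illustration.

```python
import hashlib, hmac, struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second window containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side record: password hash plus the fob's shared secret."""
    def __init__(self, password: str, fob_secret: bytes):
        self.salt = b"constructed-salt"          # constructed sample value
        self.pw_hash = self._hash(password)
        self.fob_secret = fob_secret
        self.last_window = -1                    # last time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        window = now // STEP
        if window <= self.last_window:           # code already used: reject replay
            return False
        if not hmac.compare_digest(code, totp(self.fob_secret, now)):
            return False
        self.last_window = window
        return True

def demo() -> dict:
    secret = b"12345678901234567890"             # RFC 6238 test secret, not a real key
    acct = Account("Q67hfb%oo98G^5", secret)     # sample password quoted in the article
    t0, later = 59, 1111111109                   # timestamps from the RFC test vectors
    pw, code = "Q67hfb%oo98G^5", totp(secret, t0)  # what a copy of the login would hold
    return {
        "owner_login": acct.login(pw, code, t0),
        "replay_same_window": acct.login(pw, code, t0),
        "replay_later": acct.login(pw, code, later),
        "password_only": acct.login(pw, "", later),
    }
```

Only the first login succeeds; the same password and code fail both inside the same 30-second window and at any later time.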