Tuesday, December 14, 2010

SECURITY - User's Bad Habits

"Gawker Hacking Exposes Some Web Users' Bad Password Habits"
PBS Newshour 12/13/2010

Excerpts from transcript

JEFFREY BROWN (Newshour): All right, we talk about this group called Gnosis. How much do we know about what -- who they are? And what did they do to Gawker?

HARI SREENIVASAN, staff writer, Wired.com: Well, a lot of these sort of hacker groups are very shadowy in nature, in the sense that they -- there's no card-carrying membership that says, I'm part of this club. I'm the one who did this, and here is my address and phone number.

So, really, what they did to Gawker was come in behind the scenes in the past few weeks, past few months, figure out vulnerabilities, and essentially start to take the keys to the kingdom. Everything that Gawker held dear, most important, the user information, they took all of that out and splayed it out across the Internet.

They didn't hide the information for themselves for some sort of kind of nefarious means. They said, here, take it, because this is really -- they're the crown jewels for a website.

JEFFREY BROWN: Now, how are those people affected, in what ways?

HARI SREENIVASAN: Well, so, the thing -- it kind of gets back to a little bit of social engineering.

So a lot of times people don't make separate passwords and separate usernames for different websites. Sometimes, they use the same website or same e-mail address that I have for work on to a site like Gawker, and then maybe that's the same password that gets me into Facebook, and then it's also connected to Twitter.

So, as we see all of these different kind of communities that we participate in during the day, people aren't very good at keeping these walls separate. So, that's where the real influence is.

Bold-blue emphasis mine
