Is there such a thing as security in the cloud?

May 6th, 2011 at 5:22 PM

Unless you have been hiding under a rock, you have heard about Sony’s PSN getting hacked. Apparently I was hiding under a rock yesterday, as LastPass, a cloud password storage company, also had a possible security breach and I didn’t hear about it until late yesterday evening.

I am not going to act tough; at first I freaked out a little bit, immediately rushing to conclusions and imagining all the passwords I would need to manually go through and change. Fortunately, after reading their blog post and the LastPass CEO’s interview with PC World, I felt a little more at ease. I used a strong master password, so I should be OK. I am very impressed at how they handled the situation and how open they were from the beginning. I think I will be keeping the majority of my passwords with them.

It seems like every other day there is another company sending out emails notifying their customers that their personal information may have been compromised. All of this has gotten me thinking: with the growing number of companies learning everything they possibly can (looking at you, Facebook and Google), is any information we give out on the computer really safe? Do these cyber crimes continue to rise because the consumer is more at ease posting their private lives and information on the net?

Using LastPass and YubiKey to secure your online life

December 29th, 2010 at 9:43 PM

If the recent Gawker password breach (re)taught us anything, it’s the old and valued lesson of “don’t use the same password everywhere” — but as often as I repeat that phrase and cringe a little bit when I find out someone else did it, I’ve been just as guilty of this cardinal sin of network security myself… from time to time. It’s hard not to.

When you’re as active on the Internet as I am, it’s impossible to resist the urge to duplicate passwords, especially if you’re against writing them down. So you’re left to memorize them all, hope you don’t forget, and hope that you can rely on the splendid password reset via email later on.

All of the Gawker fun also taught (or should have taught) website administrators like myself to take better care of their users. Gawker fouled up in a huge way (beyond simply exposing user data) by not taking proper steps to secure the information in their database once it was exposed. Gawker used an easily crackable cipher system (DES) which was deprecated in favor of a new industry standard (AES) long ago.