I recently saw a post on Twitter where someone extolled their love for the password manager software they use. They also mentioned the information that was stored in it, the type of information that is the secret sauce to a person’s identity: user names, passwords and banking information.
While I think the use of password management software isn’t entirely a bad idea (as long as you have other defenses in place), I do believe it’s a bad idea to announce WHAT YOU USE to store the recipe for your secret sauce, particularly when it’s on a social networking website, for everyone to see. That’s akin to announcing to the whole world the name and model number of the safe I use at home, what’s stored inside and where it is. But I’m still using a safe, so I’m secure, right? No!
Posting critical information like that to a social networking website will make you a likelier target for hackers. It will be easy for them to build a profile of people based on their blog, Twitter and Facebook accounts, then plan a social engineering attack. The attack may come in the form of gaining your trust, then sending you a malicious file for you to execute. A general search for 1Password or KeePass on Twitter will show you lots of users who are using the software.
While the secret sauce may be encrypted, if a computer is infected with a trojan horse that has keylogging features, the encryption no longer protects you and it becomes a moot point. If you don’t keep your operating system up to date and use anti-virus and a firewall, that just makes you even more susceptible to your secret sauce being revealed.
The other question to ask yourself is, where do you store this information? Is that encrypted file on a laptop or desktop? What if the laptop is lost or stolen? Hopefully there is a backup. And a backup of that backup.
Rule of thumb: The more information you reveal about your computer’s defenses, the more vulnerable you become.
What concerns me is how easily this lack of knowledge is spread via Twitter, and it will give people who aren’t as technically savvy the wrong idea. I can guarantee a lot of people will try out the password manager but forget to do everything else, like update their browser, anti-virus, operating system and install a firewall. If that’s the case, they will have all their eggs in one basket, and be ripe for the picking.
As the latest art heist in Paris demonstrates, physical security is just as important as information security.
If a security system is not updated properly, you can bet that bad things will eventually happen. So if you haven’t backed up your files, updated your operating system or anti-virus software, you better get to it now.
Here is a quick highlight of some of the mistakes made:
Malfunctioning security system since March 30th (almost 2 months)
Spare parts for security system have yet to arrive (possible inside job?)
Apparently the president of the museum was unaware the security system was not working (inside job?)
Security cameras pointing toward the ceiling instead of ground level (inside job?)
Security guards, who saw nothing, were ‘dozing’ off
Theft wasn’t noticed until 7am the next morning
Paintings were most likely staked out in advance, as the thief knew exactly which rooms to target
In 2006, 15 million pounds was spent to upgrade the security system, which produced only grainy CCTV images of the perpetrator
Seems like a lot of these issues could have been avoided a long time ago.
This is a great example of how computer networking equipment should not be safeguarded. Not only was the door left WIDE OPEN for everyone to see, it’s also a janitor’s closet!
The photo was taken at an undisclosed post-secondary educational facility in the GTA while I was attending a night class.
As you can see, the computer equipment is stored in a storage room shared with cleaning services. The switch and cables are just inches away from a big white plastic container of what I can only assume are cleaning solvents.
Risk of fire, theft and network intrusion are the first thoughts that come to my mind!