Interview with Robert Siciliano
Will Two-Factor Passwords Be the New Normal for Web Life?
About.com: Robert: thank you for your time. Being a network security specialist must be both very technical and very frustrating: you see exciting technologies evolve, and you also see how people’s lives are negatively impacted when the bad guys win. Can you tell us more about your work, and why you find it so interesting to be in networking security?
For the past 30 years I’ve been embedded in the world of personal security as it relates to violence and theft prevention. These issues used to be primarily physical world problems and now they’ve significantly moved into the realm of the virtual world too. My daily routine consists of consuming all that is wrong and bad in the world and breaking it down so people understand how to proactively prevent it from happening to them.
About.com Question 1: The Public Is Being Hurt by Password Theft? Large-scale hacking and credential theft is so commonplace now. Mt.Gox had $460 million bitcoins hacked in spring of this year. The Target chain of stores had its customers’ credit card information credentials stolen this last Thanksgiving. Sony Playstation Network and Gawker were hacked several months ago to the tune of 77+ million users’ credentials. And now a Russian crime ring has been uncovered as having pilfered 1.2 billion user names and passwords. Is this a worrisome trend? How does this hurt and impact us as private individuals using the Web?
It has been said that in the year 2000 bad guys were about one year behind the good guys in technology. By 2004 they were neck and neck with the good guys. Today, the bad guys seem to be winning in many facets of technology that may one day cause such havoc that the lights may go off and bank accounts end up entirely empty, and that scares me. Every little breach is like a stone in a pond. The ripple effects may not have immediate impact, but they eventually trickle down and affect you and me in multiple ways. A compromised account can cause time and financial headaches that result in marital disputes and so on. That’s what is so wrong about all this data insecurity.
About.com Question 2: How Hackers Do These Large-Scale Thefts. I know this can be a very technical topic, but can you explain to us how these criminals access private databases and steal our password credentials? Perhaps give us a semi-technical overview of the holes in our websites and how the hackers get in there?
There are a number of ways data gets hacked. The most common include criminal hackers looking for vulnerabilities in a company’s networks such as flaws in hardware, software or outdated systems that can be compromised. But even the most secure system can be overtaken by a savvy criminal who simply sends an email or makes a phone call and tricks a company employee into giving up his credentials to log into a network. Once in, the criminal can do significant damage.