When The New York Times announced in January that it had been the target of four months of cyberattacks, the media giant joined a small but growing chorus of big industry names to come forward as hacking victims. Twitter, Facebook, and Apple have all recently admitted to cybersecurity breaches, and both the Washington Post and Wall Street Journal followed The New York Times with hacking announcements of their own. These admissions are a significant break from the standard post-hacking practice of keeping quiet about vulnerabilities to avoid shareholder panic.
But the taboo against going public seems to be lifting. This is important, because the persistence, scale, and breadth of the attacks mean that plenty of companies have already been compromised. The common weak link? Humans.
The New York Times suspects that hackers gained access to its computers through "spear-phishing," a technique in which a malicious link or attachment is emailed to a specific user. Jeremy Wendt, a researcher at Sandia National Laboratories who focuses on identifying attackers in cyberspace, says spear-phishing "is scary because as long as you have people using computers, they might be fooled into opening something they shouldn't." Another Sandia Labs researcher is working to reduce human-caused vulnerabilities by investigating how hackers choose targets for spear-phishing attacks.
But there is a kind of password that a hacker can't access through a compromised computer. With quantum cryptography, the science of using light rather than bits and bytes to send secure messages between machines, computers communicate coded information to each other in the form of unique patterns of photons. Those patterns are basically unhackable passwords, because photons are weird: if you observe them, they change (as the double-slit experiment has famously demonstrated), which makes it impossible for an outsider to break in and take over a connection unnoticed.
This is especially important for vulnerable but data-rich parts of national infrastructure, like our power grid. Because the power grid depends on a constant and automatic adjusting of feedback, its computers need a way to communicate with each other securely. Quantum cryptography makes that possible. Los Alamos National Laboratory recently tested a quantum device for just this purpose, and other recent demonstrations show that quantum cryptography can be used for both broadband and fiber optic cables.
While quantum cryptography can't protect against human error, it does offer a way to secure systems that rely on machine-to-machine rather than human communication.
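A toy simulation of the idea in the paragraphs above, added here as an example and not drawn from the article or from the Los Alamos or Sandia work it mentions: a BB84-style exchange in which photons are modelled as bit/basis pairs, and an eavesdropper who measures them in flight leaves a measurable error rate in the shared key. The names Alice, Bob and Eve, the `Result` fields and the roughly 25% error figure come from the standard BB84 analysis, not from the page.

```python
"""Toy BB84 simulation (added illustration, not the article's or the labs' code).
Photons are (bit, basis) pairs; measuring in the wrong basis yields a random
bit, which is the "if you observe them, they change" property described above."""
import random
from dataclasses import dataclass


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Same basis: the encoded bit is recovered exactly. Different basis: the
    outcome is a coin flip, and the photon now carries that new value."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


@dataclass
class Result:
    sifted_bits: int   # positions where Alice and Bob happened to use the same basis
    error_rate: float  # fraction of sifted bits that disagree (the QBER)


def simulate_bb84(n: int, eve: bool, seed: int = 0) -> Result:
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.randrange(2) for _ in range(n)]
    bob_bases = [rng.randrange(2) for _ in range(n)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eve:
            # Intercept-resend: Eve guesses a basis, measures, and forwards a photon
            # re-prepared in her basis. Half her guesses are wrong, and each wrong
            # guess gives Bob a wrong bit half the time, so the QBER sits near 25%.
            e_basis = rng.randrange(2)
            bit = measure(bit, a_basis, e_basis, rng)
            a_basis = e_basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))
    # Sifting: Alice and Bob publicly compare bases (never bits) and keep matches.
    sifted = [(a, b) for a, b, x, y in zip(alice_bits, bob_bits, alice_bases, bob_bases)
              if x == y]
    errors = sum(1 for a, b in sifted if a != b)
    return Result(len(sifted), errors / len(sifted) if sifted else 0.0)


if __name__ == "__main__":
    for eve in (False, True):
        r = simulate_bb84(4000, eve=eve, seed=1)
        # Without Eve the QBER is 0; with her it sits near 0.25, which exposes her.
        print(f"eve={eve}: sifted={r.sifted_bits} QBER={r.error_rate:.3f}")
```

In a real deployment Alice and Bob would compare a sample of the sifted bits over an authenticated channel and abort if the error rate exceeds a threshold; the simulation shows why that check works.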
There are some high-level initiatives to fix the human side of the equation, like the new cyberdefense program proposed by the Obama administration. And then there are some very simple, low-level initiatives, like reminding employees to stop opening all those sketchy email attachments.
More like dumb management.
Why would an employee take security seriously when management obviously doesn't? You wouldn't believe the stupid things management uses their work computers for.
We all know what she's been doing with that laptop web cam of hers.
"Why" - Everyone.
The premise of the article is spot on; the "solution" isn't even close.
Security stinks because of human nature at all levels and the true lack of anyone actually wanting to fix anything.
As in the kind of wanting that spends money and changes the status quo.
It would be 1,000 times harder to do this if all emails were sent encrypted and digitally signed, which is possible right now and doesn't require quantum cryptography. Sure, quantum cryptography would be harder to crack, but the basic problem remains. You have to have people using it. We send unencrypted email because it is not convenient to send encrypted email, not because we can't or because it isn't quite secure. The problem here is more social than anything else.
Also, most of the "security experts" are far from "experts". They are people working off of a tired old script that someone said "take these steps to be secure". And not only are things on that list taken out of context, the list wasn't very good to begin with! I love the change-your-password-every-90-days rule. Let me see, that means that if someone somehow got my password I'm now safe because they only had it for on average 45 days. If the hacker doesn't know what to do with it in that amount of time, they need to turn in their hacker's license!
Or how about this one. I have a password. It is required to be 10 characters, with numbers, different case, and special characters. And if I get it wrong three times in a row my account is locked. It doesn't matter if the fastest computer can try billions of combinations; they have to get it right in 3 tries. Now that is pretty secure.
So how do they propose to make it more "secure"?
Ask the person: What is your mother's maiden name?
And that answer can blow away the password?
And people actually give the right answer for that?!
Tell me how that made it secure. These "security" questions are undoing good security.
And of course you've got the human nature that says, use the same password everywhere, including on sites they know are not very secure.
Your garage door is more secure than anything you use to access your bank account. Every time you press that button the "password" is changed. It is usually 32 bits, giving about 4 billion combinations. No "90 days".
And even the token that does the same kind of thing. They generate 6-digit random numbers. 6 digits, why so low? Because they have a human read it off and type it in. Why?
Why can't I just hook it up to my computer and have it send, say, 128 digits? Why can't that be secondarily verified with something like my fingerprint?