Hack Challenge

Friday, November 01, 2013


A lot of listeners responded to Brian Krebs’ story on the Experian data breach last week. The consensus: we’re all worried about the security of our personal data. Brooke speaks to journalist and PandoDaily editor Adam Penenberg, who did what many listeners seem to think is the ultimate nightmare. He challenged hackers to hack into all of his personal information. The only information he gave them to go on? His byline.

 

Guests:

Adam Penenberg

Hosted by:

Brooke Gladstone

Comments [6]

Alexandra D from NYC

I know I might be the only 30-something person without a smart phone, so this might be a foreign concept, but what about pen and paper? If someone wants to get an online version of my passwords, that person can access my files from anywhere in the world, as this story suggests. To access my passwords on a paper file, someone has to break into my apartment, search for my hiding place, and figure out my passwords according to the sparse information I've written down.

I've never liked the concept of having all my password information listed on the very thing I use when I need those passwords. And again, I'm probably the only 30-something person who believes that the cloud is an inherently less safe storage medium, so that is out of the question for me.

Nov. 04 2013 01:29 PM

Andy from Santa Clara, CA

I'd second what Rick said, and take it further. Mr. Penenberg gives the impression that password managers are not worthwhile, and that security by obscurity is a better option.

Anyone who has a bank account, credit card, or social security number is a target for identity theft. These attacks don't have to be customized like the one against him: most passwords are weak enough to be part of a brute force attack. Any 8 character password can be guessed, but so can seemingly complicated passwords, such as ,fnfhtqrf_ijrjkflrf. It looks random, but was based on a system that a hacker guessed: if you've thought of a system to keep your passwords straight, you can bet hackers have thought of the same system.

Password managers make it easy to have long, truly random, unique passwords for all your accounts. Uniqueness is important because even if your bank is secure, your account at cutekitties.com is not. If you used the same password at both, and cutekitties gets hacked, then the hackers have your bank account.

Having good, unique passwords is important. Password managers make that tenable. Thinking that you're not special enough to get hacked is asking for trouble.

Nov. 03 2013 07:29 PM

ArlHtsMelissa from Illinois

Let us hear how watching the video caused all these breaches?

Nov. 03 2013 02:13 PM

Robert Dall from Canada

So the editor of a tech blog in Silicon Valley doesn't know about password managers…

Something sounds horribly self-fulfilling about the conclusion of this story.

I know some very un-tech people who know about these password managers… I also know some very tech people who are amazingly talented in web security who use them on a regular basis…

Maybe Adam Penenberg should do some research before actually being quoted as saying

"I don't know anything about them, but they "sound" like a good idea

But really there is nothing you can do… "

Nov. 02 2013 04:38 PM

Tom Fiorillo from Speonk NY

As Robert Morris, the NSA computer scientist, said, "The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it." There is no security that cannot be broken on the Internet. As an aside, I always laugh when someone says the government is planning on shutting down the Internet, the greatest source of information about what everyone is doing. Anyway, I'm sure the NSA will stop spying on us, right?

Nov. 02 2013 06:43 AM

Rick from Boston, MA

Re: software to manage passwords. Both LastPass and KeePass are very good. Also 1Password. There are many others, some free, some paid, some which are not well-designed, so beware. No single program is best for everyone. It depends on whether you need a password manager for just one personal PC or for multiple devices; whether you use Windows or Mac, and which browser(s) you use; whether your phone/tablet is iOS or Android; whether you prefer storing your passwords on your own computer, on your own cloud data storage account, or at the software vendor's storage; and whether you prefer to pay for premium features or tech support, or prefer free.

If you do not use a password manager, at minimum, think of using 2 or 3 different passwords, of different lengths and complexity, for high, medium, low importance / risk accounts, and never use a single dictionary word (i.e. use non-words, or word-word or word-number combinations).

For extra security, google "two-factor authentication", and read about products such as "Google Authenticator" or "Yubikey".

Nov. 02 2013 01:58 AM
