I just saw in the news the other day that the cloud-based note and document storage service Evernote was recently hacked into, and potentially as many as 50 million users’ account details were compromised. While Evernote has since responded that no sensitive password or financial information was taken, it did decide that the potential problem was large enough to force all users of the service to reset their passwords (I reset mine yesterday). Evernote also joins a growing list of high-profile companies that have had their security compromised in the last several weeks and months, including Microsoft, Apple, The New York Times, Facebook & Twitter. So what the heck is going on here?
Well, in several of these high-profile hacks over the last few months, the companies involved have claimed that Chinese-based hackers with connections to the military have been targeting their networks for the purpose of attempting to suppress investigative reports into alleged financial dealings by family members of Chinese Prime Minister Wen Jiabao. (Original report here)
While stories of possible cyber espionage like those alleged to have taken place against the New York Times are extremely troubling because of the potential chilling effect on free speech when dealing with issues surrounding China, the more immediate threat for web developers in the commercial space comes from organized crime. There are several pieces of information that hackers targeting a commercial website will attempt to lay their hands on; the first and most lucrative are customers’ credit card details. The next stop on the priorities list is personal account details such as user names, passwords, email addresses & any other personally identifiable information. This information is often then packaged up and sold on to others, who will use the personal information they obtain to apply for fake identification or to apply for credit (posing as the victim).
So while all of this might seem a bit on the gloom and doom side of things (reaching for the tin foil hats), I want to end on a positive note: what can we as developers do to lessen the chances of client data being compromised? Well, remember that the type of security your clients will need will greatly depend on the information being stored. For myself, I prioritize client data as follows: highest, financial information; very high, account access (usernames & passwords); pretty high, personal information such as names, emails, dates of birth, etc. While it may not be possible to defend against every conceivable type of threat out there in the wilds of the internet, a properly designed hierarchy of security can prevent an annoyance for users, like needing a password to be reset, from turning into a disaster: getting a phone call from your bank saying you have no money.
Another week rolls on by in the world of web development. I want to talk today about security on the internet: how secure is it really, both for our own personal web surfing and, as web developers, for the websites we build for our clients? What got me thinking about this was that last week, for my security and quality assurance course, I was tasked with researching a series of websites and the potential security vulnerabilities that those types of sites would need to be secured against. Now, after several hours of research on the subject, I had enough information to write and submit my assignment.
The following morning I received a scary notification from Google stating that someone had attempted to hack into my account from Florida and change my password. Now for some added context here: in the four years since I opened my first Google account I had never had any problems with security or attempted hacks. So while it may have been a coincidence, it seems that merely conducting background research on the most common types of hacking and the methods to prevent them has somewhat partially compromised my personal security online.
So I was left asking myself, how the heck am I supposed to be able to find out how to defend myself and my websites against hacks without being compromised in the process? After doing some additional digging, it turns out there is actually quite a lot that average internet users can do to lessen the chances their online accounts will be targeted. One of the easiest things to do is remove any cookies your browser stores for extended periods on your computer. Cookies are pieces of web code that allow visitors to a website to store any settings they have with a given website for use when they return later. If there are holes in the security of the cookies, they can be hacked (as was the case with me) and personal information can potentially be stolen. Additionally, all modern browsers come with some form of privacy mode that doesn’t store user information once the browser window has been closed. In Chrome this is called incognito browsing, and both Firefox and Internet Explorer have similar modes available in their options menus.
For people and organizations that need even higher levels of security & privacy, several of my classmates told me about a different browser altogether called Tor, which keeps users’ communications secured by relaying them through different servers around the world. This makes it much harder for somebody watching your Internet connection to learn what sites you visit, and it prevents the sites you visit from learning your physical location.
One final takeaway to remember with all of these methods to enhance your online security: while they will make you a much harder target to find and track, none of the steps outlined is by any means foolproof.
Happy 2013 everyone!
I hope you’ve had a restful time away from it all and were able to spend some quality time recharging your batteries to get ready for what is sure to be an exciting new year.
One such site that I and several of my classmates are currently in the early stages of working on is an online auction site that connects buyers and sellers of a whole range of products together. We’re still planning and designing the features we want to include in it, and without giving away too much, what I can tell you is that it will feature a robust search engine for the items posted and user accounts for site visitors that want to do more than just “window shop.” One thing that became abundantly clear almost immediately as I sat down with my teammates to list out the main features this site will need to incorporate is that it will be the most complex website I will have helped construct so far. Whilst this is a bit scary sitting here now at the outset, it also holds a great deal of promise, because this will give each of us the opportunity to really flex our coding muscles to their limits. As the old saying goes, “nothing ventured, nothing gained.”
Be sure to stay tuned for updates as things start to get underway.
Well everyone, things are really heating up now in the wonderful world of Web Development. With about a week and a half left to go until the end of the semester on December 14th, I find myself in the same position as College students all over this time of year: the mad scramble to the finish line and winter break! The past week has been all about getting the finishing touches done on the last assignments and projects of the semester. So to say there’s been a lot of things going back and forth recently is a tremendous understatement.
Just looking back at assignments and personal projects from as recently as July to now, the improvement in presentation, functionality and implementation has been nothing short of incredible. So as I launch myself into my last round of projects and studying for exams, keeping a bit of perspective on where I’ve come from and how my development skills have improved will be one of the key thoughts I keep in the back of my mind as the challenges of the next 2 weeks unfold. As I lose sleep to remembering how PL/SQL stored procedures work and how to make a page draw content from a database in ASP.Net, I just need to keep telling myself that all the pain and frustration right now will be worth it, because at the end of the day what it all comes down to is making well-functioning, good-looking websites that are a pleasure for the users that visit them.
That’s all for this week, the ASP.Net project isn’t going to code itself!
This past week I was asked to come up with some ideas for a presentation some of my classmates and I will be making at the end of the term. It wasn’t until I sat down to start working on it that I realized I had not actually used PowerPoint in a serious way to present something since I was in the first semester of grade 9 back in 2000.
I did a bit of looking into it and it turns out the first version of PowerPoint was brought out in the early 1990s. My first thought when I read that was “that’s incredible,” for two reasons. First, because it speaks to the power of having additional visual aids when making a point in a presentation. Second, it’s incredible because for just over two decades we’ve been using essentially the same piece of software when we give a lecture, pitch a product or try to hammer home an idea.
Here’s the thing though: after so many years of using PowerPoint presentations, why are the overwhelming majority of them so boring? It’s not just me being picky either; when I looked into it, there is an entire body of criticism that has developed under the catch-all name “Death By PowerPoint”, see below:
Death By PowerPoint
Most presenters use way too much text in their slides. Using it as a crutch, they often default to simply reading their notes directly from the slides, offering additional insights into the topic they’re speaking on.
Of the presenters that I’ve seen, the truly effective ones keep the words to an absolute minimum and use images to convey the message in a way that’s much easier to quickly understand. So to keep the word count down, concepts can be extended over the course of several slides. The presenter that just about wrote the book on keeping an audience engaged was Steve Jobs during his annual keynote presentations.
Steve Jobs – 2007 iPhone Presentation
So the next time you’ve got a presentation you’re working on, just remember that a picture is worth a thousand words!