Archive for May, 2011

The Sony hack: passwords vs. financial details

Friday, May 20th, 2011

The details are coming out about yet another data breach, this time at Sony’s PlayStation Network. Light Blue Touchpaper has the details. (excerpts below, with my emphasis)

Sometime last week, Sony discovered that up to 77 M accounts on its PlayStation Network were compromised. Sony’s network was down for a week before they finally disclosed details yesterday. Unusually, there haven’t yet been any credible claims of responsibility for the hack, so we can only go on Sony’s official statements. The breach included names and addresses, passwords, and answers to personal knowledge questions, and possibly payment details.

… regarding the leaked passwords. The risks here are very real—hackers can attempt to re-use the compromised passwords (possibly after inverting hashes using brute-force) at many other websites, including financial ones. There are no disclosure laws here though, and Sony has done nothing, not even disclosing the key technical details of how passwords were stored. The implications are very different if the passwords were stored in cleartext, hashed in a constant manner, or properly hashed and salted. Sony customers ought to know what really happened.

…this is a serious market failure. Sony’s security breach has potentially compromised passwords at hundreds of other sites where its users re-use the same password and email address as credentials. This is a significant externality, but Sony bears no legal responsibility, and it shows.

This is yet another example of why reusing passwords, and perhaps even user ids is a bad idea.  In this case, part of the exposed data includes the answers to all those secret questions – you know, the top secret ones that give you a free give-me-a-new-password pass?

(more…)

Blame Someone Else

Friday, May 13th, 2011

I’m a little late on this one.  It’s not my fault though.

Yep, it’s official. Today is Blame Someone Else Day – the first Friday the 13th of each year. And since there is only one Friday the 13th this entire year, today’s your only chance to blame others all day long. So have at it. You don’t have to take responsibility for anything that goes wrong. And you can blame someone else for all the problems, mistakes and unfairness in your life. According to the Stress Management Center and Phobia Institute in Asheville, North Carolina, an estimated 17 to 21 million people in the United States are affected by a fear of this day. Some people are so paralyzed by fear that they avoid their normal routines in doing business, taking flights or even getting out of bed. According to Wikipedia “It’s been estimated that $800-$900 million is lost in business on this day.”

(thanks to Dan Miller’s 48 Days)

Link Roundup – Crime Fighting With Glass, Peak Oil vs. Manure, Fireflies, and Men are Lame at Colors

Thursday, May 12th, 2011

Here’s my attempt to pass on some interesting stuff, and leave room to write about something substantial later.

First, some new links that have been forcing me to keep Firefox open for most of a week:

The Sure Don’t Make Pyrex Like They Used To

Most people probably don’t think of Corning as a crime fighting company, but when it sold its Pyrex brand to World Kitchen in 1998, the company accidentally made the illegal manufacture of crack cocaine more difficult—a fascinating example of unintended consequences.

(via Schneier on Security)

Fisher Investments has a good explanation about why we can’t extrapolate the future from today in  A Common Thread Between Horse Manure and Peak Oil.

Second, some old links from the backlog.

Tracking Fireflies in the forest

Cool photography project.  Read the article at Flowing Data.

How Men and Women Label Colors

This is part of the results of an experiment in which visitors were asked to name colors. I find the analysis below amusing, and even less complimentary of my gender than I would have predicted.

His calculation of most masculine and feminine colors is by far the most interesting part of the results, however. Here are the top five feminine colors, by finding the ones that were most disproportionately used by women:

  1. Dusty Teal
  2. Blush Pink
  3. Dusty Lavender
  4. Butter Yellow
  5. Dusky Rose

Not bad, right? The colors are flowery and descriptive. Nothing surprising there. Now here’s the top five masculine colors:

  1. Penis
  2. Gay
  3. WTF
  4. Dunno
  5. Baige

The only real color in the list is “baige” — and it was misspelled. Like Randall, I also weep for my gender. Although, I think these results also say a lot about the type of people who read xkcd (like me).