Everyone is talking about the hacking issue that happened last week to LivingSocial®, the daily deals site. And why wouldn’t they? The hackers gained access to customer data on their servers including emails and encrypted passwords. Although the company feels the passwords are encrypted and it would be difficult to decode them, more than 50 million of their users have been asked to reset their passwords.
Now, does encryption save you?
Encryption is all about transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge. So, if a third party possesses the knowledge to decrypt it, your information is safe no more!
Here’s a very informative video by one of our good friends, Javvad Malik, who explains password encryption on a humorous note.
It may be worth appreciating the engineers at LivingSocial for adding cryptographic salt, as it forces password-cracking programs to guess the plaintext for each individual hash, rather than guessing passwords for millions or tens of millions of hashes at once. But if they really wanted to have the information secure, then choosing the SHA1 algorithm ahead of bcrypt, scrypt, or PBKDF2 wasn’t a great move.
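The difference between one salted SHA1 pass and a deliberately slow function such as PBKDF2, as an added example that is not LivingSocial's code or part of the original post. The record format, function names and iteration count are assumptions, and the sketch goes one step beyond the text by upgrading a legacy SHA1 record to PBKDF2 on the next successful login.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000

def hash_salted_sha1(password, salt=None):
    """Legacy scheme: a single SHA1 pass over salt + password (fast to guess against)."""
    salt = salt or os.urandom(16)
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def hash_pbkdf2(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Slow scheme: every guess costs `iterations` HMAC-SHA256 rounds."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    """Return (ok, new_record); new_record is set when the stored record
    should be rewritten with the current scheme and work factor."""
    scheme, *parts = stored.split("$")
    if scheme == "sha1":
        salt_hex, _ = parts
        candidate = hash_salted_sha1(password, bytes.fromhex(salt_hex))
        ok = hmac.compare_digest(candidate, stored)  # constant-time compare
        # The plaintext is only available at login, so upgrade here.
        return ok, (hash_pbkdf2(password) if ok else None)
    if scheme == "pbkdf2_sha256":
        iters, salt_hex, _ = parts
        candidate = hash_pbkdf2(password, bytes.fromhex(salt_hex), int(iters))
        ok = hmac.compare_digest(candidate, stored)
        stale = ok and int(iters) < PBKDF2_ITERATIONS
        return ok, (hash_pbkdf2(password) if stale else None)
    return False, None  # unknown scheme: reject rather than guess

if __name__ == "__main__":
    legacy = hash_salted_sha1("correct horse")  # constructed sample password
    print("legacy record:  ", legacy)
    ok, upgraded = verify("correct horse", legacy)
    print("login ok:", ok)
    print("upgraded record:", upgraded)
```

The salt makes identical passwords produce different records in both schemes; only the iteration count changes how expensive each guess is for someone holding a stolen table.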
The entire approach has been reactive when they could have been staying proactive and watching out with eyes wide open. This is where your endpoint security needs to lead from the front.
It is not just about protecting your servers and devices within your network; it’s also about your end users.
This is the time when you turn to Security Information and Event Management (SIEM). SIEM combines two different areas: SIM and SEM. SIM (Security Information Management) gathers and creates reports from security logs, and SEM (Security Event Manager) uses event correlation and alerting to help with the analysis of security events.
To stay ahead of the curve, you can use SIEM security software, which acts as a central collection point for device data, automatically aggregating and then normalizing this data into a consistent format. Based on this, anomalies and security threats can be identified easily and quickly, which helps you respond to suspicious events.
In most cases, enterprises use correlation with security-specific devices such as IDS/IPS devices, firewalls and domain controllers to take a proactive approach to network security. Going a step further, the event log analyzer understands the relationship between different activities using multiple event correlations in real time to effectively troubleshoot security issues.
Now the take-away from the LivingSocial incident and the immediate fix is that the users should not only change the passwords for their LivingSocial account but also ensure that they are not using the same passwords on other sites. They should also understand that it’s not optional.