The Black Book of Identity Access Mgmt
    Wednesday, Apr 20, 2016

    I'm Crazy and So Am I

    One of the more brilliant things somebody came up with a while back was the notion that you could use an existing account to create a NEW account. “Yes, I’d love to join your blog community, but not if I have to register, wait for a confirmation email, and then remember yet another username and password. Oh wait, I can use Facebook? Cool, I’m in.”

    And of course this is how you got OAuth, and that lovely little thing called account linking.

    But here’s the catch. If somebody hacks your Facebook, they’ve got your life. It happened to a lawyer friend of mine. I got an email from him one morning, saying he was sending it from a library in London. The mail explained that he was vacationing in the UK and had been mugged. Lost his passport, cell phone, laptop. He needed some cash, and fast. He said, “I’m writing this with tears in my eyes.”

    Instantly I knew it wasn’t him. First off, it’s an old scam. Second, he would sooner bite his own thumb off than shed tears over being mugged. This makes him a great lawyer.

    I reached out to his kids and said, I think your dad’s been hacked. They said he was actually vacationing in the Carolinas, and they got in touch with him. I recommended an email blast to let all his contacts know there was a scam being perpetrated in his name, but naturally the bad guys had changed his email password. And in fact, they’d gotten into everything he had, by virtue of hacking his Facebook account. Now, Facebook didn’t get them into his bank, but it got them into his email and some other stuff, and they were able to get to his bank stuff that way. Luckily, some additional multi-factor shut them down.

    What then got creepier was when they actually started trying to chat with me via Facebook, claiming to be him. I tried to go along and solicit some info from them, maybe to discern how to get in touch, and catch the lousy bastards. But they shut the conversation down quickly. Luckily, in the end, they got nothing from this, but it caused my friend a great deal of hassle cleaning up his accounts.

    This is occasionally the argument against SSO. If somebody hacks that one password, they’ve got everything. To segment, sometimes orgs employ Reduced Sign On, RSO, meaning you need two or three passwords for a variety of apps, especially inside the firewall or VPN.

    This is where multi-factor is indeed handy. You got the right password? Great. But it’s a strange box. Before I let you log in from that strange box, let me ask you a few other things. You can also deploy defenses that look at behavior. Edward Snowden talked a bunch of people into authenticating from his machine. Why didn’t any bells go off saying, “Why are all these people using this same freaking keyboard?”
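    The two rules above, the "strange box" check and the "same keyboard" check, are easy to state as code. The block below is an added example, not from the original post or any product it mentions. It assumes the login system can attach a stable device fingerprint to each attempt (the `device` field, a hypothetical hash of cookie, TLS and user-agent data) and runs over a small constructed auth log: three users on their own known devices, then several accounts hitting one box within a few minutes.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class AuthEvent(NamedTuple):
    ts: str          # ISO-8601 timestamp (constructed)
    user: str        # account that presented the password
    device: str      # hypothetical device fingerprint (cookie/TLS/UA hash)
    result: str      # "success" if the password was correct, else "failure"


# Constructed sample log, not real data.
SAMPLE_LOG: List[AuthEvent] = [
    AuthEvent("2016-04-20T08:00:00Z", "alice", "fp-alice-laptop", "success"),
    AuthEvent("2016-04-20T08:05:00Z", "bob",   "fp-bob-desktop",  "success"),
    AuthEvent("2016-04-20T08:10:00Z", "carol", "fp-carol-phone",  "success"),
    AuthEvent("2016-04-20T09:00:00Z", "bob",   "fp-shared-box",   "success"),
    AuthEvent("2016-04-20T09:02:00Z", "carol", "fp-shared-box",   "success"),
    AuthEvent("2016-04-20T09:04:00Z", "dave",  "fp-shared-box",   "success"),
    AuthEvent("2016-04-20T09:06:00Z", "erin",  "fp-shared-box",   "failure"),
    AuthEvent("2016-04-20T09:30:00Z", "alice", "fp-alice-laptop", "success"),
]

# Devices each account has already enrolled (constructed seed history).
KNOWN_DEVICES: Dict[str, Set[str]] = {
    "alice": {"fp-alice-laptop"},
    "bob":   {"fp-bob-desktop"},
    "carol": {"fp-carol-phone"},
}


def decide(known_devices: Set[str], device: str) -> str:
    """'Strange box' rule: a correct password from a device this account
    has never logged in from is not enough on its own; ask for more."""
    return "allow" if device in known_devices else "step-up"


def replay(log: List[AuthEvent],
           seed: Dict[str, Set[str]]) -> List[Tuple[str, str, str]]:
    """Walk the log in order, learning each account's devices as it goes,
    and return (user, device, decision) per event. A wrong password is
    denied outright and teaches the history nothing."""
    history: Dict[str, Set[str]] = defaultdict(set, {u: set(d) for u, d in seed.items()})
    decisions: List[Tuple[str, str, str]] = []
    for ev in log:
        if ev.result != "success":
            decisions.append((ev.user, ev.device, "deny"))
            continue
        decision = decide(history[ev.user], ev.device)
        # Assumes the step-up succeeds, so the device becomes known from now on.
        history[ev.user].add(ev.device)
        decisions.append((ev.user, ev.device, decision))
    return decisions


def shared_device_accounts(log: List[AuthEvent],
                           min_accounts: int = 3) -> Dict[str, List[str]]:
    """'Same keyboard' rule: devices from which at least min_accounts distinct
    accounts tried to authenticate. Failed attempts count too; the signal is
    how many accounts are being tried from one box, not whether they worked."""
    users_by_device: Dict[str, Set[str]] = defaultdict(set)
    for ev in log:
        users_by_device[ev.device].add(ev.user)
    return {dev: sorted(users) for dev, users in users_by_device.items()
            if len(users) >= min_accounts}


if __name__ == "__main__":
    for user, device, decision in replay(SAMPLE_LOG, KNOWN_DEVICES):
        print(f"{user:6} {device:16} {decision}")
    for device, users in shared_device_accounts(SAMPLE_LOG).items():
        print(f"ALERT: {device} used by {len(users)} accounts: {', '.join(users)}")
```

    The per-login rule fires on the first sight of `fp-shared-box` for each account, which is the point where a second factor would have stopped a stolen password. The device-wide rule is the one that would have rung the bell in the Snowden case: nobody's individual login looks wrong, but one fingerprint showing up under four different accounts does.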

    I was asked for advice once when a friend’s daughter’s Neopets account was hacked. My first probing question was, what the hell is THAT? They explained, it’s a virtual pet world, in which you can earn points for taking care of your pet. The points allow you to buy virtual stuff for your virtual pet. So then I had to ask, why the hell would anyone want to steal virtual points?

    But it was important to his daughter, therefore it was important to him. It was, in effect, her IP. You gotta safeguard stuff like that. 
