Aardvark Daily

Please visit the sponsor!

The internet has a problem

The internet is great.

Thanks to its complex network of copper, fiber and radio-frequency links, we can now upload cute cat videos for the entire world to see -- or engage in far less important activities such as doing our banking, exchanging important data files or even performing our entire day's work from some remote location.

However, let's face it, the best thing is that we can argue endlessly about unimportant issues with people half a world away that we don't know and will never meet.

That's the real power of the Net.

Unfortunately, making sure that our access to the many and varied websites and services on which we rely for all this fun remains secure is a real challenge, as a report in today's media demonstrates.

According to a story in that much revered and respected oracle of tabloid journalism, The Daily Mail, we've just seen "the mother of all data breaches" which has affected the users of many seemingly important websites and services.

Some 26 billion records have been scraped from a long list of very popular Net properties and odds are that you'll be affected in some way.

The report is unclear as to exactly what sort of data has been scraped in these heists but it's almost certainly login IDs and passwords at the very least.

Because the DM doesn't bother dealing much in "facts", there's no indication as to whether credit-card records or other "useful" data was also stolen.

However, if you're a user of one or more of these sites you might want to change your passwords at the very least. There appears to be a simple way to verify if you're affected by entering your email address(es) which will then be matched against the trove of exposed data.

Right now I'm wondering if the whole concept of how we identify ourselves and access key services is fatally flawed in the online world. It seems that every day we read of new breaches that threaten our security and our very identity online.

Simple ID/password pairs are so easily sidestepped by anyone who has access to the dark web or who wants to brute-force long and hard enough (as demonstrated here).

Even two-factor authentication (TFA) is pretty useless in the face of malware that steals session-cookies from computers that are already logged in such sites. We've all seen the countless number of YouTube accounts that have been taken over by such tactics, despite the company's mandating of TFA last year.

I'd love to know how we come up with a better way of authenticating ourselves as we become ever-more reliant on cyber-services.

Even things that you might expect to be pretty robust, such as biometrics, ultimately rely on hashes that can be faked.

I asked an AI chatbot what was the most secure authentication system in use today and it suggested that hardware keys were the bee's knees. These are the little devices that some banks and other services hand out and which generate what amounts to a one-time passkey that must be entered when logging in.

Unfortunately, these aren't bullet-proof either. There are countless reports of phishing or "man in the middle" attacks that easily circumvent this type of protection.

So where do we go from here?

We're using a piece of technology (the Net) which simply can't be made as secure as we need it to be. Whether it's the fact that our authentication systems are vulnerable to technological countermeasures or social-engineering, we can not be 100 percent sure that our bank accounts, our social media presence and our very identity won't be hijacked by a person or persons unknown.

Whoever can actually come up with a solution to this problem would likely leave Bezos, Musk and Zuckerberg in their dust as they became the richest person on the planet.

Carpe Diem folks!

Please visit the sponsor!

PERMALINK to this column

Rank This Aardvark Page

Change Font