Sophos' Naked Security article "Boutique babycare website hack - not just the Big Guys at risk" link http://nakedsecurity.sophos.com/2013/01/21/boutique-babycare-website-hack/
Article is mainly about @JokerCracker or https://twitter.com/JokerCracker hacking of a Babycare website.
[Personal comment: I really think hacking a Child or Baby care site publicly is about as bad as being a pedophile, and have to wonder about the motivation for doing so. I plan to cover ethics & morality eventually on this blog, as it relates to Security & Hacking issues.]
Of course the passwords were not encrypted.
They suggest not using services that you suspect don't follow best practices, which is nice sounding advice, but not real practical for many in real world situations.
Generally speaking, there is no real way to know, without doing Pen Testing, if a site has good, bad, or fair security.
Unless it is REALLY bad, like not using HTTPS for logins & such, which I have personally experienced.
Before I started this blog, I was putting a lot of effort into Book reviewing, since I am a writer and a book worm.
While exploring ways to get frequent ARC (Advance Reader Copies, which are copies of book that are printed before they are published, like getting hands on new hardware or software before it is released to the public, legitimate way to do reviews before book is published), found a specific company that I was real interested in working with, that didn't use HTTPS on their site.
Even though they required SSN & other PII for application to the the ARC program, the PII stuff was more or less needed, but they were clearly not handling data properly.
I sent email to them about the issue, and from their response it was clear they were so clueless about Best Practices, that there was no point in trying to educate them, till they get hacked.
There is a saying, something like "Fools never learn, most people learn the hard way, and wise people learn from others mistakes."
No comments:
Post a Comment