Wednesday, June 22, 2011

Collateral Damage

For the past two months, it seems a new major website or web service has gotten hacked on a weekly basis. May saw the PlayStation Network fall prey to a hacker attack that compromised the credit card information, email addresses and passwords of a sizable portion of its customers. What followed was a storm of hacker attacks, which included targets such as the CIA, the US Senate, Bethesda Softworks, Nintendo, Sega, and PBS, among others.

What interests this blogger is not the hacking itself, but the recent news that the accounts of XBOX Live members have also apparently been compromised, notwithstanding the fact that Microsoft claims it was never hacked. Apparently, some of the email and password combinations compromised in the earlier attacks on Sony’s PSN, Sega, et al., also worked on XBOX Live accounts. Reports have also surfaced of similar incidents happening with Facebook accounts.

It’s pretty amazing how much collateral damage a single hacking incident can cause. A perfectly secure web service can find its customers inconvenienced by the delinquency of a completely unrelated web service that happens to have the same customers, using the same passwords and email addresses. It’s easy to pin the blame on the end user for being sloppy in reusing the same email and password combinations. But in actual practice, human memory is fickle and can barely retain a single password. Let’s face it, end users keeping multiple passwords will be the exception, not the rule, for the foreseeable future.

This all serves to dampen the spirits of those who push for greater integration of web services. It’s bad enough that two totally rival services with absolutely no hope of integration (PSN and XBOX Live) have ably demonstrated that a security breach on one service can have dire consequences for the customers of the other. How much more so for services that go out of their way to integrate, like Google, YouTube, and Blogger? What of Facebook and Digg, which have been integrated into practically every website?

Perhaps it’s time to propose legislation that would mandate that the major web services and websites provide adequate security measures against hacking, not just for their own benefit but for the whole internet in general. Hacking isn’t going away any time soon, and as this debacle shows, a single hack is a stone thrown into a calm, serene pond: it ripples, and shatters the serenity for all.
