$6.5 million. That's how much richer I would be if I had a dollar for every LinkedIn encrypted password publicly posted on a Russian website. While we never want our information to be compromised, we LinkedIn users can take some comfort in the fact that the passwords were encrypted. We now have a small window of time to change our passwords, as LinkedIn has advised us to do. But let's stop for a minute and ponder the impact of encryption in this scenario. What if the passwords were not encrypted?
First, that small window of time for damage control would be slammed shut. Someone would now know one of the passwords that we likely use for more than just our LinkedIn profile. What can they do with that information? The list is endless. And it's exactly that type of vulnerability that is opened by database drivers that do not encrypt credentials. So let's take a breath and return to reality: the passwords were encrypted, and we are not powerless to prevent any further potential damage. But what lessons should IT professionals take from this?
I advise that IT folks choose a database with an encryption option, ensure they set the encryption option on the database, and use a driver that encrypts passwords sent across the network. Unlike other drivers, Progress DataDirect drivers support both Kerberos authentication and encrypting all user credentials across the network. Similar to the Global Payments security breach I wrote about last month, we need to be proactive in addressing security concerns.
How do we stop hackers from trying to compromise security? That question, I cannot answer - tougher jail sentences maybe? The LinkedIn example appears to be a lesson we didn't have to learn the hard way - thanks to encryption. Luckily, LinkedIn took appropriate measures to ensure their users' security. Customers of companies who, unlike LinkedIn, play fast and loose with data might not be so lucky.
View all posts from Paul Griffin on the Progress blog.