$6.5 million. That's how much richer I would be if I had a dollar for every LinkedIn encrypted password publicly posted on a Russian website. While we never want our information to be compromised, we LinkedIn users can take some comfort in the fact that the passwords were encrypted. We now have a small window of time to change our passwords, as LinkedIn has advised us to do. But let's stop for a minute and ponder the impact of encryption in this scenario. What if the passwords were not encrypted?
First, that small window of time for damage control would be slammed shut. Someone would now know one of the passwords that we likely use for more than just our LinkedIn profile. What can they do with that information? The list is endless. And it’s exactly that type of vulnerability that is opened by database drivers that do not encrypt credentials. So let's take a breath and return to reality: the passwords were encrypted, and we are not powerless to prevent any further potential damage. But what lessons should IT professionals take from this?
I advise that IT folks choose a database with an encryption option, ensure they set the encryption option on the database, and use a driver that encrypts passwords sent across the network. Unlike other drivers, Progress DataDirect drivers support both Kerberos authentication and encrypting all user credentials across the network. Similar to the Global Payments security breach I wrote about last month, we need to be proactive in addressing security concerns.
How do we stop hackers from trying to compromise security? That question, I cannot answer - tougher jail sentences maybe? The LinkedIn example appears to be a lesson we didn't have to learn the hard way - thanks to encryption. Luckily, LinkedIn took appropriate measures to ensure their users' security. Customers of companies who, unlike LinkedIn, play fast and loose with data might not be so lucky.
View all posts from Paul Griffin on the Progress blog.