Don't Underestimate the Need for Security
Friday September 5, 2008
A while back I wrote a blog post called '4 Minutes to Compromise' noting that a recent report claimed that an unpatched and unprotected Windows XP system would not last more than 4 minutes on the public Internet without being compromised. Along those same lines, About.com's Internet for Beginners Guide Paul Gil recently addressed the question So, How Bad is the Threat of Hacking? Four minutes seems pretty bad. It is certainly not enough time to download and install the patches and updates necessary to protect the system. Paul's post includes an interview with whitehat hacker Jacques Erasmus and a demonstration of just how fast these systems can be 0wn3d.
Comments
Tony, i have seen windows xp non sp pc’s get compromised seconds on connecting to the internet, its insane, thats why all my friends & family have routers.
The internet is not safe without them
WOW. That is scary, what about your username and passwords getting hacked?
I use a remote access software to get my home PC when I’m traveling, is that going to get hacked?
Well, authentication is another story and whether your username and password are compromised depends heavily on your habits when you create them. One way to limit the problem is to introduce 2-factor authentication, which means that your username and password is not the only obstacle to get access to a system. There are some new solutions involving ordinary wireless and wireline phones, which make it really easy and cheap to set 2-factor up, even as a regular consumer.
Thanks William,
2-Factor Authentication sounds like the way to go. I like the sound of easy and cheap, what solutions do you suggest?
I just came across this article. My company uses a product called Phonefactor for logmein which provides that 2-factor authentication.
You can download it here:
http://www.phonefactor.com/solutions/logmein/
PhoneFactor looks pretty good, thanks for the link. I’ve installed it, easy to set and use. I guess my home pc is lot more secure now, great!
PhoneFactor is interesting because it is, among others, a 2-factor solution that relies on wireless and wireline phones. It depends heavily on the idea that users already have something at hand (a particular phone line) that does not have to be specially delivered. IMHO, this means that 2-factor authentication can be delivered a lot more ubiquitously than has been true in the past.