A good friend of mine, Ian, recently forwarded me an internet joke: “All credit card PIN numbers in the World leaked”. Then, later the same day, I read this XKCD cartoon. The merging of these two humorous topics created the seed for this article.

I have a signed copy of it on my office wall. Like many of his creations, this cartoon is excellent at bifurcating readers: people read it, then either smile and chuckle, or stare blankly at it followed by a “Huh? I don’t get it!” comment. Then you explain it, and get a reply “Yeeaaaaaa…no, I still don’t get it!” You can be cool and buy his signed artwork too.

There are 10,000 possible combinations that the digits 0-9 can be arranged to form a 4-digit pin code. Out of these ten thousand codes, which is the least commonly used? Which of these pin codes is the least predictable? Which of these pin codes is the most predictable? If you were given the task of trying to crack a random credit card by repeatedly trying PIN codes, what order should you try guessing to maximize your chances of selecting the correct number in the shortest time? If you had to make a prediction about what the least commonly used 4-digit PIN is, what would be your guess?

This tangentially relates to the XKCD cartoon. In Randall’s cartoon, the perpetrator’s plan backfired because his selected license plate was so unique that it was very memorable. Ask any spy you know (snigger) what the best way to blend into a crowd is. Their answer will be to not stand out, to appear “normal”, and not be notable in any way. What is the least memorable license plate?

People are notoriously bad at generating random passwords. Are you curious about what the least commonly used PIN number might be? I hope this article will scare you into being a little more careful in how you select your next PIN number.

This article is not intended to be a hacker bible, or to be used as a utility, resource, or tool to help would-be thieves perform nefarious actions. I will only disclose data sufficient to make my points, and will try to avoid giving specific data outside of the obvious examples. I do not want to be an enabler for script-kiddies. Please do not email me asking for the database I used; if you do, you will be wasting your time as I’m not going to respond.

Source

I’m not going to sell, donate or release the source data – don’t ask! Obviously, I don’t have access to a credit card PIN number database. I’m going to use data condensed from released/exposed/discovered password tables and security breaches.

I’ll go even further: Any developer who stores the password table of their database in clear text should be so mortified by this lack of security that they should not be sleeping at night until they fix it. Fool me once, well, no, even that’s not really acceptable, but fool me twice … Over the years, there have been numerous password table security breaches: some very high profile, some low profile, but all embarrassing (and many exceedingly expensive both in direct fines and indirect loss of business through erosion of trust and reputation). Ignoring the fact that you should never have ever coded it this way, you have an obligation to learn from these past breaches. If you work for a company and are knowledgeable that your customer database is “protected” by such lightweight security, then run, don’t walk, to your CEO/President’s office, pound on the door and insist (s)he puts out a mandate to fix the matter with extreme prejudice. Don’t leave until you get an affirmative response. Make yourself a proverbial thorn in their side.
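The questions above (which of the 10,000 codes are most and least common, and how concentrated the distribution is) are answered by counting PIN frequencies in a condensed table and ranking them. The following is an added example, not the author’s code or data set: it runs the same frequency analysis over a small constructed sample that stands in for a leaked table, reports how many records the most common codes account for, and turns the result into the defensive check a system owner would want, a policy that rejects the most common PINs at the point where a user chooses one. The sample values and the function names are assumptions made for the example.

```python
from collections import Counter
from itertools import product

# Constructed sample standing in for a condensed leaked PIN table.
# The skew (one code dominating, a long tail of singletons) is invented
# to illustrate the analysis; it is not the article's data.
SAMPLE_PINS = (
    ["1234"] * 40 + ["1111"] * 12 + ["0000"] * 8 + ["1212"] * 5
    + ["7777"] * 3 + ["2580"] * 3 + ["4321"] * 2
    + ["8068", "9629", "3741", "5280", "0419",
       "6835", "1954", "2739", "4902", "7316"]
)

# Every 4-digit code from 0000 to 9999: the 10,000 possibilities the article mentions.
ALL_PINS = ["".join(digits) for digits in product("0123456789", repeat=4)]


def pin_frequencies(pins):
    """Count each 4-digit PIN in the table; codes never seen are recorded with 0.

    Entries that are not exactly four digits are skipped rather than counted,
    so dirty rows in a condensed table cannot distort the distribution.
    """
    counts = Counter(p for p in pins if len(p) == 4 and p.isdigit())
    return {pin: counts.get(pin, 0) for pin in ALL_PINS}


def ranked(freqs):
    """All 10,000 PINs ordered from most to least common; ties are broken numerically."""
    return sorted(freqs, key=lambda pin: (-freqs[pin], pin))


def coverage(freqs, top_n):
    """Fraction of records whose PIN is one of the top_n most common codes.

    This is the risk figure a defender cares about: how much of the user base
    is exposed if only a handful of guesses are allowed before lockout.
    """
    total = sum(freqs.values())
    return sum(freqs[pin] for pin in ranked(freqs)[:top_n]) / total


def unused_count(freqs):
    """Number of possible codes that never appear in the table at all."""
    return sum(1 for count in freqs.values() if count == 0)


def is_weak_pin(pin, freqs, top_n=20):
    """Policy check: reject a chosen PIN if it is among the top_n most common."""
    return pin in set(ranked(freqs)[:top_n])


if __name__ == "__main__":
    freqs = pin_frequencies(SAMPLE_PINS)
    order = ranked(freqs)
    print("most common:", order[:5])
    print("records covered by top 3:", f"{coverage(freqs, 3):.1%}")
    print("codes never seen:", unused_count(freqs))
    print("is 1234 rejected by policy?", is_weak_pin("1234", freqs))
```

`coverage` is the number to report upward: a small `top_n` covering a large share of records means a short lockout threshold still leaves many accounts guessable. `is_weak_pin` applies the same ranking as a blocklist at enrolment time, which is the mitigation the article's data argues for.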