Thursday, September 27, 2012

Change your password.

Years ago before the internet, all communication was done over phone lines. You had to have a device that would allow your computing equipment to talk to each other such as a modem. Say a finance company employee would dial up the credit bureau computer, wait for a modem tone and then place the headset into what was known as an acoustic coupler (early version of a dumb modem aka modulator/demodulator unit).  Once connected the employee could type characters on a teletype device that was connected to the phone line for a name and password. Then to eventually get information about potential customers (i.e pull a credit bureau).

The teletype machine had many fancy looking character keys on the keyboard. So that typing in the user name and password would seem very complicated. Computers only deal with ones and zeros. So the teletype machine had to translate when a key was pressed into a number that could be sent over the modem. At the time there was sort of a standard known as ASCII (American standard code for information interchange).  See http://www.asciitable.com/ for an example.  That means if you typed and upper case "A",  the number 65 would be sent to the credit bureau.  Actually the number 01000001 or sixty-five in binary would be sent and then translated at the other end as an "A".  The same sort of sequence would happen even when the funny characters were sent from the keyboard.

Sales of the special teletype and it's keyboard were regulated. One would think that unless you had that keyboard with those funny characters  that no one could log into the credit bureau and pull information with or without permission. There seemed to be a false sense of security with that particular system. Normally, the teletype machines came with a manual that explained what numbers were being sent when a key was pressed. You could get the manuals through other means, Sometimes this was known as a ascii code table or list. The technology was so new it was thought that no one could repeat the process. The credit bureau computers did not care what characters (aka ones and zeroes) they received as long as they were the right ones for the logon to their system.

About the same time, home computers came along. They had keyboards too, but without the fancy keys. One would think that connecting to the credit bureau via modem from a home computer would not allow the credit bureau to be accessed. Actually, you could program the computer to send the right ones and zeroes if you knew the ascii codes from the teletype manual and the actual login and passwords.  If your teletype machine went down, you had a way for access without the need for the teletype machine. Back then, no one ever really changed passwords even if an employee left a business such as the finance company.  So an unscrupulous former employee could also access the credit bureau on their own with a home computer properly set up. Not good.

With today's internet, the same kind of situation can arise with change of employee leaving a company for whatever reason or even  someone monitoring a company's communications for logins and passwords can get the information they need to do illegal acts.  Just because the technology is new does not mean it can not be duplicated in some way. You can do what is known as encryption to help keep logins and passwords secure. Also some companies use what is known as multiple authentication to aid communication security. The most important way is to change logins and passwords regularly to keep systems secure. Some companies require change of passwords on a regular basis. 

Having done tech support for many years, I know that many employees do not want to bother with passwords much less logins at all. So having to change passwords at a regular interval is like a blasphemy to them. You have to instill the need for security with articles like this to raise their awareness of the issues to prevent problems. Cyberwars (en.wikipedia.org/wiki/Cyberwarfare) on both business and personal computer systems is a reality we can not ignore. Change the passwords........

Not advocating this in any shape or form. For informational purposes only to know what some one is up against. Note: This video was deleted....

No comments:

Post a Comment