This week, sensitive Twitter documents were leaked in a roundabout way: a Twitter employee was phished, and their Google password was used to access sensitive data stored online in Google Apps. TechCrunch, the final recipient of these documents, vigorously defended its position on republishing the found Twitter documents on the grounds that leaks (in whatever form) have always existed and served as an information source. While true in a journalistic sense, it opens the door to a greater question of data security in a world where all your information is stored online in some fashion. Protecting your personal information on the Internet has been an ongoing struggle. Every time you interact, whether it’s a post to a blog, a comment in a forum or just a “tweet,” you are growing the hacker target on your back. Take this example:
I am on Twitter and micro-blog regularly to my account. From just my Twitter account, you can get my full name and location. Now, within a few clicks you can probably trace down my e-mail address from some previous post to a forum, newsgroup or even comments on an article in certain instances. At that point, even a semi-dense hacker has enough information to launch a targeted phishing attempt against me. Granted, I triple check any links I get in e-mail to ensure it takes me where I am supposedly going, but I am someone who works in the trenches of the online industry and have been trained from DNA up to be careful of any kind of attacks.
Google’s announcement of Chrome OS, an operating system that is enhanced by Internet connectivity, creates a security conundrum of mammoth proportions for the general population…illustrated by the Twitter security breach. If you are compromised in a world of always-on connectivity and data living in a personal cloud, the ramifications are no longer just limited to someone reading your e-mail. They now have access to anything that you did and can, in fact, lock you out of your own account.
Grant Gross of PC World wrote an article last week citing how the new Google Chrome OS promises a world with no malware, no security updates and no viruses. Sure, Google has shown that it is pretty good at guarding your mail accounts against spam, but when it comes to protecting users against themselves, it’s not just Google but everyone that has failed. Gross’ article contains a quote from Brian Chess, CSO of Fortify Software, that sums up the real issue – “The question is, is the system going to be able to do a reasonable job of defending itself even in the face of a certain amount of user error?”
Every generation that adapts to new technology increases its collective intellect regarding that technology. From the blinking 12:00 on your parents’ VCR to cell phones to computers, each successive age group to adapt to the new technology takes as rote things the previous age group struggled with. However, the Internet provides a mixed bag of every demographic across the globe. Over time, those groups will adapt and understand the underlying nuances of new technology a little more.
However, a vast majority of these people currently look at Windows OS as a black box that presents them a nice UI and relatively secure access to their personal things…so much so that people have no problem keeping their taxes, personal data and even lists of their passwords on their PCs. Even today, spyware and malware, phishing and other attacks cause a boom for businesses that focus on PC security and data recovery. Fast forward to a world where this data is living not only on their computer but also accessible through some password scheme on the Internet and you’ve got a formula for potential disaster.
Yes, Google is aware of this. Possibly no one understands online user behavior better than Google, as evidenced by its success in product development and adoption and by its beefy stock price. However, the intellectual gap may prove tougher to solve than any of its technical hurdles. Let’s hope, for the sake of the everyman, that Chrome OS has such great security features that it stops users from inadvertently giving away their data. Maybe the leak at Twitter is a good place to start with beta testers.
Jack Margo is senior vice president of Internet operations at Ziff Davis Enterprise.