Written in 2013 as a short column piece I was invited to contribute to a classmate's WeChat public account (公众号).
“Long long time ago, there lived a king”. Many years later, I still remember this piece from the textbook that my English teacher asked us to recite again and again. Today I thank her for forcing us to learn English in this straightforward yet effective way. That’s story one.
A little while ago, a fresh graduate came in for an interview. When we asked him to write a code snippet on a piece of paper, he refused: “I don’t remember any code, as I can always google it.” That was a real deal-breaker. That’s story two.
So what is the idea behind the stories? Well, I find that most successful professionals start their way up by remembering a lot of stuff in their respective fields. They often have very good memory as well. This is essential because you need that information stored in your brain before you can ever build up the amazing connections and apply them in practice. These then become your knowledge and experience.
In that sense, the boy in the second story was right: Google has the knowledge of almost everything he needs. Unfortunately, we were not trying to hire Google there.
As this is a column written in English, the first person I had in mind was my English teacher back in junior high. So that was the opening. It turns out that her husband was my math teacher in senior high who is now the principal. We could’ve talked about his anecdotes; however, I will start with one of his favourite subjects: Number Theory.
Many believe that Number Theory is the foundation of pure mathematics, the thing that distinguishes Sheldon from Penny (as in “The Big Bang Theory”). I’d say it is also the foundation for understanding computers.
Let us map the path from our daily usage of computers to the essence of Number Theory. Every day, we unlock computers with our passwords, which are encrypted or decrypted with cryptographic technology, which rests on the fact that certain mathematical problems are intractable. By certain mathematical problems, we often mean integer factorisation or prime factorisation in Number Theory. Q.E.D.
For non-tech readers, this is enough to know. For those who are doing programming and not excited by 1+1=2, I have nothing further to say.
Figure 1 A Lehmer sieve, which is a primitive digital computer once used for finding primes and solving simple Diophantine equations.
A while ago, I heard a piece of gossip over the dining table: a well-known Weibo account had its password stolen. That account is run by a local media company, and has accumulated over 100 thousand fans over the years.
So the company sat down with the hacker and wanted to buy it back. It had nothing to do with Number Theory whatsoever; it was all about money. The initial price was 100 thousand US dollars, approximately 1 dollar per fan – sounds familiar, doesn’t it? In the end, I heard the agreement was made on 30 thousand.
I bet some of you may start thinking of quitting your job and joining the hackers. By just stealing a few passwords, you can easily become a millionaire. Well, as an IT professional, I have to agree that the business is very much sustainable, and it could lead you either to a profitable IT security consulting firm or to a jail cell.
As we are on this page, on 23rd April hackers took control of the Associated Press Twitter account overnight and sent a false tweet claiming that two explosions at the White House had injured President Barack Obama, which briefly sent US financial markets reeling.
Figure 2 A graph showing the drop in the US markets after the fake tweet was released
In the computer security world, a saying that holds true is “道高一尺 魔高一丈” (roughly, “as virtue grows a foot, vice grows ten”). This is simply because hackers are more motivated to find the vulnerabilities of an existing system and take advantage of them. The only thing a good security defender can do is keep up with the pace, and hopefully stay ahead once in a while.
This may sound pessimistic. But the really pessimistic fact is that stupid incidents happen every day. For example, the other day we were discussing a new project with a popular sports brand. What surprised everyone was that its existing e-commerce website still stores all passwords in plain text.
You may wonder what the big deal is. Say you happen to be a customer of the website; obviously everyone who has access to the user database can log in as you. Then, if you used the same password for some other websites (such as Weibo), anyone can easily break into those accounts with just a few tries.
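As an added example (not from the original column), here is what a copied user record gives away under the two storage schemes contrasted above: plain text versus a salted, slow hash, using only Python's standard library. The record layout and the PBKDF2 work factor are my own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware.
ITERATIONS = 200_000


def store_plaintext(password: str) -> dict:
    """The insecure scheme from the column: the stored record *is* the password."""
    return {"scheme": "plain", "secret": password}


def store_hashed(password: str, salt: Optional[bytes] = None) -> dict:
    """Salted, slow hash: the record on its own reveals no reusable password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "secret": digest.hex()}


def verify(record: dict, attempt: str) -> bool:
    """Check a login attempt against either kind of record."""
    if record["scheme"] == "plain":
        return hmac.compare_digest(record["secret"], attempt)
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode(), bytes.fromhex(record["salt"]), ITERATIONS
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest.hex(), record["secret"])


def leaked_password(record: dict) -> Optional[str]:
    """What someone who copied the user table learns directly from one record."""
    return record["secret"] if record["scheme"] == "plain" else None


if __name__ == "__main__":
    pw = "Zlxtq100d"  # the poem-derived password used later in the column
    plain, hashed = store_plaintext(pw), store_hashed(pw)
    print("plaintext record leaks:", leaked_password(plain))   # Zlxtq100d
    print("hashed record leaks:", leaked_password(hashed))     # None
    print("login with correct password:", verify(hashed, pw))  # True
    print("login with wrong password:", verify(hashed, "Zlxtq100e"))  # False
    # Two customers with the same password still get different stored values.
    print("same password, same hash?", store_hashed(pw)["secret"] == hashed["secret"])
```

A salted hash does not protect you if you reuse the password on a site that stores it in plain text; it only stops this site's database from handing the password over directly.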
Think of Chen Guanxi, who forgot to remove the hard disk before sending his PC for repair. He just didn’t realise the consequences. But thanks to him, we shall be wiser after this lesson.
Most of the time, it is good habits that save you from a security tragedy, not the advances of the technology itself.
There are a few simple ways to keep your passwords safe. First, use a strong password – look up the online guidelines on how to create one. Here is my favourite: you can use ancient poems as passwords. For instance, “Zlxtq100d” – this actually comes from “众里寻他千百度”.
Second, change passwords on a regular basis. Big corporates enforce password expiry every three months or so. Personally, I think updating passwords after every breakup is necessary. Third, avoid using the same password everywhere; at least introduce some variations. (Remember the story from last time?) Last but most importantly, do not open suspicious links from emails that ask you to change your password, update your account, or provide your bank info to enter a promotion. Most security breaches are initiated by a phishing attack targeting careless people.
Yes, I know; all of the above are troublesome. We just need to bear Murphy's Law in mind: “Anything that can go wrong, will go wrong.”