Since yesterday marked Alan Turing's birthday, we decided to talk a little bit about security and the importance we place on it in web development. In the past couple of years Alan Turing has been celebrated in many ways: in 2013 Gordon Brown issued an apology for Turing's treatment by the British Government, and last year 'The Imitation Game', a film based on his time as a codebreaker during the Second World War, was released.
For web developers, security is the first priority when creating a new application. While this is a key aspect of internet security, no matter how much effort we put into making an application safe, if the end user doesn't understand the importance of keeping their data secure, we all lose.
The internet nowadays is just a natural part of our lives; we're always connected. We have smartphones, tablets and smartwatches, and more smart devices are being announced and developed every day. The amount of personal information these devices collect from us is astounding. How can we know that all this information is being handled and stored securely? What can we do to make sure this information stays safe within the internet?
Well, unfortunately, we don't know. We simply trust that our service providers are dealing with our information in the correct way and always striving to keep up to date with the latest security issues. The only influence we have is choosing services and businesses that handle our information carefully. In the mobile world we have two giants: Google and Apple. In the browser wars we have a few more options: Chrome, Firefox and Internet Explorer, amongst others.
When selecting which of these products we'll use, it is very important to think about its security model, how strong it is and how many vulnerabilities have been exposed in the past. Those of you more aware of your browser's security may have heard of Pwn2Own. It's an annual competition in Canada where researchers and companies in the security business try to break our favourite web browsers using web attacks. This may sound very sinister, but it's extremely beneficial: it points out the browsers' weaknesses for future updates and offers options for further security improvements. CanSecWest hosts the competition every year, and prizes for those skilled enough to bend and break a browser's security reach as far as $400,000 to a single competitor.
This year's competition, once again, had all of the most popular web browsers hacked, allowing hackers to execute their own code on remote browsers using both Windows and Mac operating systems. According to our friends at PCWorld, a security researcher from South Korea named JungHoon Lee took home $225,000 after single-handedly hacking both Internet Explorer 11 and Google Chrome on Windows and Safari on Mac OS X. So, think twice before choosing which browser is going to be handling all your online shopping, banking, international payments and transactions you choose to effect using the web.
Obviously, choosing the right browser is just the tip of the iceberg. While browsers are our gateways to this colourful land called "The Internet", how we choose to manage our information is the key to online security. One example of this is remembering and storing our passwords. At some point we all had, or knew someone who had, a little post-it note on their screen with passwords scrawled across it, or even chose a technically strong but extremely insecure password such as "Password1234". It may be ten digits long and contain numbers, lower and upper case characters, but it's not hard to decipher. The most common issue we come across is the same secure password used for all log-ins.
To try to tackle all of those problems in our office, we recently decided to move all credentials to LastPass, an online password manager. Apart from the migration process, in which each of us had to go through our own dark ways of keeping our passwords(.txt) safe, it has been great. Sharing passwords across the team is a breeze and LastPass has been pretty solid so far. Recently LastPass had their data potentially compromised. They promptly warned us to reset our master password and ensured we were given all the necessary information to stay secure, rather than hiding the issue from their users. You can read more about the LastPass security breach here.
Hopefully this insight assists you in making the most secure choices for your business. Our development team can help deliver the right online experience for your customers while keeping both your data and theirs safe. Get in touch to find out more!