Stump the Geeks

Expect failure and plan accordingly

August 19, 2012 

Mat Honan’s hacking horror story is barely two weeks old, but already it’s been something of a catalyst for change when it comes to cloud-based computer security.

Using Amazon and Apple’s password reset loopholes to take control of the Wired writer and longtime technology correspondent’s Google, Twitter and iCloud accounts, hackers wiped the memory from several of his devices and used his public profile to broadcast hateful messages. It was a deft combination of social engineering and, as Honan concedes, personal security failures.

After thoroughly documenting the exploit, follow-up reporting from Wired revealed the tech companies are taking steps to shore up their security flaws. And publications from The Huffington Post to PC World have offered suggestions on how to prevent such a devastating attack from happening to us.

It’s valuable advice. Back up your valuable information. Take advantage of advanced security options like two-step verification. Avoid linking your accounts with the same email addresses and passwords.

Everyone who read about Honan and takes this advice has a better understanding of worst-case scenarios when it comes to our personal data. But to make this lesson stick, there needs to be a fundamental attitude shift when it comes to buying electronic devices or signing up for cloud services.

As consumers, our expectations right now are high. Apple co-founder Steve Jobs captured that perfectly in a 2011 keynote at the company’s Worldwide Developers Conference when describing the main draw of iCloud: “It just works,” he said to applause.

If we’re smart, we’ll reject this tempting slogan. If we’re smart, we’ll start expecting our devices to fail.

This philosophy isn’t a completely alien one to most consumers.

When we buy a car or a house, we pair it with insurance. We’re making a bet that in the lifetime of these purchases, something catastrophic is going to happen. We’re so sure of that fact that we shell out hundreds of dollars a month to protect ourselves, considering it part of the price we pay.

Paul Rosenberg, owner of the Chapel Hill shop Love Your Computer, uses a similar analogy when explaining repairs like hard drive replacements to customers.

“This is like your car’s 100,000-mile service,” Rosenberg said. “Almost every computer will have at least one hard drive replaced and at least one malware attack in its lifespan. That’s just part of owning the machine now.”

Admittedly, my analogy is flawed. Insurance on homes and cars is often mandated by law, and buying it helps us protect investments that can cost hundreds of thousands of dollars. This isn’t the case with a $600 laptop or a $200 smartphone.

But we’ve got to start accounting for the hidden costs of certain failure not because of the relatively inexpensive hardware, but because of the priceless data they store and access.

“Ultimately, their machines and their phones are no longer really relevant. What matters is all the data they’re accumulating,” Rosenberg said. “If one computer dies, the next one will provide that data as well as the first one did.”

Security will get marginally better. Horror stories like these will play a role in creating more savvy consumers. But as the inevitable migration toward cloud services continues, new threats will pop up to assault our data and evade our best efforts to prevent them.

“The risks are only going to increase as we put more and more of our lives online and become dependent upon services provided by organizations we assume have already figured out all the hard technical stuff needed to keep it safe,” Jeff Crume, IBM IT security architect and author of the blog Inside Internet Security, told me in an email. “Many of these services are free, yet we fail to think about the realities of the underlying business model and how that could ultimately affect us.”

The answer isn’t despair or resignation – it’s good preparation. It’s fine to take reasonable steps to protect yourself and hope for the best, but figuring out the best way to rebuild quickly is an essential part of that planning.

Because when you know they’re coming, disasters don’t seem quite as bad.

Send technology questions to stumpthegeeks@newsobserver.com. Please include your name, city and daytime phone number. Sorry, we can’t answer every question.

News & Observer is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service