{"id":65459,"date":"2016-10-17T14:02:59","date_gmt":"2016-10-17T06:02:59","guid":{"rendered":"http:\/\/58.64.145.228\/ja\/e2ee-password-hack\/"},"modified":"2020-12-31T03:00:31","modified_gmt":"2020-12-31T03:00:31","slug":"e2ee-password-hack","status":"publish","type":"post","link":"https:\/\/www.i-sprint.com\/ja\/e2ee-password-hack\/","title":{"rendered":"Passwords from popular platforms have been hacked! Is your company next?"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_1_1 1_1 fusion-one-full fusion-column-first fusion-column-last\" style=\"--awb-bg-size:cover;--awb-margin-bottom:0px;\"><div class=\"fusion-column-wrapper fusion-flex-column-wrapper-legacy\"><div class=\"fusion-text fusion-text-1\"><div align=\"justify\">\n<p><img decoding=\"async\" class=\"vc_single_image-img aligncenter\" title=\"e2ee-password-hack-564x399-min\" src=\"http:\/\/www.i-sprint.com\/wp-content\/uploads\/2016\/10\/e2ee-password-hack-564x399-min-450x270.png\" alt=\"e2ee-password-hack\" width=\"450\" height=\"270\" loading=\"lazy\" \/><\/p>\n<p>500 million from\u00a0<a href=\"https:\/\/www.wired.com\/2016\/09\/hack-brief-yahoo-looks-set-confirm-big-old-data-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\">Yahoo<\/a>, 117 million from\u00a0<a href=\"http:\/\/www.mirror.co.uk\/news\/world-news\/linkedin-hacker-selling-117-million-7995889\" target=\"_blank\" rel=\"noopener noreferrer\">LinkedIn<\/a>, 68 million from\u00a0<a href=\"http:\/\/thehackernews.com\/2016\/10\/dropbox-password-hack.html\" target=\"_blank\" rel=\"noopener noreferrer\">Dropbox<\/a>, 
43 million from\u00a0<a href=\"https:\/\/techcrunch.com\/2016\/09\/01\/43-million-passwords-hacked-in-last-fm-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\">Last.fm<\/a>, 32 million from\u00a0<a href=\"https:\/\/techcrunch.com\/2016\/06\/08\/twitter-hack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>, hundreds from\u00a0<a href=\"https:\/\/techcrunch.com\/2016\/04\/25\/hundreds-of-spotify-credentials-appear-online-users-report-accounts-hacked-emails-changed\/\" target=\"_blank\" rel=\"noopener noreferrer\">Spotify<\/a>: these are not new sign-up numbers, but the number of accounts that have been hacked! On the surface this may look like a leak of users\u2019 account credentials, but the underlying implication is far greater, as most users use the same password across different services\/applications.<\/p>\n<p>Hackers break into a company\u2019s internal network and attempt to get a copy of the password database. The cost and time required for password brute-force attacks have gone down significantly. The cracked password data is then sold on underground darknet markets to break into the user\u2019s other accounts, or used to hold the company to ransom. The leakage of such data can lead to penalties from regulators, affect the corporate net worth and, more importantly, cause customers to lose trust in the company\u2019s offerings.<\/p>\n<p>To prevent exposure of sensitive data, enterprises need a strong data protection solution such as end-to-end encryption (E2EE) to protect passwords and sensitive transaction data. E2EE ensures that sensitive data stays encrypted even within the memory of vulnerable web or application servers. 
It prevents insiders such as software developers or database administrators (DBAs) from leaking sensitive data accidentally or deliberately.<\/p>\n<p>The i-Sprint\u00a0<a href=\"http:\/\/www.i-sprint.com\/products\/universal-authentication-server-uas\/\" target=\"_blank\" rel=\"noopener noreferrer\">Universal Authentication Server (UAS) E2EE<\/a>\u00a0for Credential and Transaction Data Protection solution has been designed to meet the E2EE requirements. It is a complete end-to-end encryption solution that is bundled with a FIPS-certified Hardware Security Module (HSM) and user endpoint encryption libraries that support all major web browsers as well as Apple iOS, Android, BlackBerry and Windows mobile platforms.<\/p>\n<p>The <a href=\"http:\/\/www.i-sprint.com\/solutions\/end-to-end-encryption\/\" target=\"_blank\" rel=\"noopener noreferrer\">i-Sprint UAS E2EE<\/a>\u00a0solution is proven among many financial institutions and provides an off-the-shelf product that enables organizations to encrypt passwords and sensitive data and send the encrypted data over a communication channel, in addition to the SSL protection. This is done by using an encryption library and key data to encrypt the data at the point of entry (user desktop\/smartphone) before submission to the server side. This data remains encrypted all the way to the web server and even the application server. The data may be decrypted at the application server; passwords, however, remain encrypted and are verified inside an HSM. HSMs are cryptographic devices using tamper-resistant hardware built to meet the FIPS standards. Thus the passwords are encrypted from the point of entry to the point of comparison. This also ensures that nobody in the intranet has access to the password in the clear during transit and storage, and protects against internal fraud.<\/p>\n<p>In summary, effective data protection requires a combination of layered security solutions and the right processes. 
Organizations should not wait for the next web server vulnerability or the next attack and should look into implementing end-to-end encryption solutions at the application layer to protect their confidential information.<\/p>\n<\/div>\n<\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Hackers break into a company\u2019s internal network and attempt to get a copy of the password database. The cost and&#8230;&#8230;<\/p>\n","protected":false},"author":2,"featured_media":65324,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"episode_type":"","audio_file":"","podmotor_file_id":"","podmotor_episode_id":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","itunes_episode_number":"","itunes_title":"","itunes_season_number":"","itunes_episode_type":"","footnotes":""},"categories":[174],"tags":[],"class_list":["post-65459","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-ja-2"],"_links":{"self":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts\/65459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/comments?post=65459"}],"version-history":[{"count":4,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts\/65459\/revisions"}],"predecessor-version":[{"id":78858,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/posts\/65459\/revisions\/78858"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/
media\/65324"}],"wp:attachment":[{"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/media?parent=65459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/categories?post=65459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.i-sprint.com\/ja\/wp-json\/wp\/v2\/tags?post=65459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}