{"id":3707,"date":"2016-05-28T19:28:22","date_gmt":"2016-05-29T00:28:22","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=3707"},"modified":"2016-05-28T19:28:22","modified_gmt":"2016-05-29T00:28:22","slug":"just-get-rid-of-them","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2016\/05\/28\/just-get-rid-of-them\/","title":{"rendered":"Just Get Rid of Them"},"content":{"rendered":"<p>As a software engineer, I find this <a href=\"http:\/\/www.lawfareblog.com\/apparently-word-foolish-spelled-swift\" target=\"_blank\">remark<\/a> from Paul Rosenzweig at <em><strong>Lawfare<\/strong><\/em>\u00a0incredibly dispiriting:<\/p>\n<blockquote><p>A case in point is t<a href=\"http:\/\/www.theregister.co.uk\/2016\/05\/28\/swift_finally_pushes_twofactor_auth\/\" target=\"_blank\" rel=\"nofollow\">his report from The Register<\/a>.\u00a0 Readers may recall that a month ago,<a href=\"http:\/\/arstechnica.com\/security\/2016\/04\/billion-dollar-bangladesh-hack-swift-software-hacked-no-firewalls-10-switches\/\" target=\"_blank\" rel=\"nofollow\"> reports surfaced <\/a>of a theft of more than $81 million from the Bangladeshi central bank.\u00a0 And it seems that but for a small error, the thieves might have gotten away with more than $1 billion.\u00a0 The attack itself came in through the SWIFT system &#8212; the Society for Worldwide Interbank Financial Telecommunication, headquartered in Belgium. 
We were assured, however, that there were no <a href=\"http:\/\/www.theregister.co.uk\/2016\/05\/10\/swift_rejects_bangladeshi_criticism\/\" target=\"_blank\" rel=\"nofollow\">vulnerabilities in the SWIFT system itself<\/a>.\u00a0 According to SWIFT the hack must have started in the local banks.<\/p>\n<p>Perhaps so.\u00a0 But today we learn that SWIFT itself has failed to take even the most basic security steps to protect its network.\u00a0 Two-factor authentication is the simple system where when you log in, you use a password but then you also have to present a second factor to authenticate yourself.\u00a0 Usually this is some sort of random pin.\u00a0 Or it can be an approval from your mobile device.\u00a0 Everyone uses it these days &#8212; it&#8217;s how we log in to Google mail and it&#8217;s also how we log in to post on Lawfare.<\/p>\n<p>Apparently, however, SWIFT was not so swift.\u00a0 Only now, after the Bangladeshi attack (and others on banks in the Philippines and Vietnam) will the bank move to expand its use of two-factor authentication.<\/p><\/blockquote>\n<p>Viscerally, I just want to get rid of them. Yes, take your pick between SWIFT and computers. Getting rid of either would take care of the problem.<\/p>\n<p>Surely SWIFT had availed itself of the services of any of a number of security-focused corporations? 
This sounds like the sort of thing where someone is very publicly fired.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As a software engineer, I find this remark from Paul Rosenzweig at Lawfare\u00a0incredibly dispiriting: A case in point is this report from The Register.\u00a0 Readers may recall that a month ago, reports surfaced of a theft of more than $81 million from the Bangladeshi central bank.\u00a0 And it seems that \u2026 <a class=\"continue-reading-link\" href=\"https:\/\/huewhite.com\/umb\/2016\/05\/28\/just-get-rid-of-them\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3707","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/3707","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=3707"}],"version-history":[{"count":1,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/3707\/revisions"}],"predecessor-version":[{"id":3708,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/3707\/revisions\/3708"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=3707"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=3707"},{"tax
onomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=3707"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}