
Q & A for a Q & A website: Quora, what happened?

By Richard Arneson

Think back to the first time you hopped on the Internet. If you’re under thirty years old, it might have been a “meh” moment, if it even registered at all. It was probably lost among the other technological advancements that surrounded your crib. But if you’re older—especially if you’re over 50—you may mark your first day of Internet access as a milestone. You probably remember the first thing you Googled (What is the airspeed velocity of an unladen swallow?), then sat back in amazement as a wealth of information popped up about the subject. Fact-checking didn’t cross your mind; you just couldn’t believe everything, or so it seemed, was just a few keystrokes away. While Quora doesn’t merit the same level of technological wonderment, it’s shocking when you first discover how much Q & A info is posted on their site. Yes, a lot of it is nonsensical (“What is the most cringeworthy thing you’ve seen at a bachelor party?”), but much of it is informative. Content aside, it’s very popular—research from 2016 had them logging over 100 million unique visitors each month. I’m not sure I was even aware of Quora in 2016. In other words, that figure is far larger today. And while we’re on the subject of 100 million, that’s also how many Quora users’ data was lifted just six (6) days ago. Yes, I buried the lead.

This is why we can’t have nice things

We learned this at a young age—there’s always somebody or something to spoil all the fun. And in Quora’s case, the wet blanket came in the form of hackers who accessed registered users’ account information, including, among other less spectacular items, passwords and any data that authorized users imported from linked networks. It might be a blip on the cyber security radar screen considering credit card info, social security numbers, bank accounts, etc., weren’t stolen (Quora doesn’t request this type of user info), but it’s another reminder that digital evil is always lurking. Sadly, it always will be. The cat and mouse game continues. The affected users were promptly notified by Quora and asked to reset their passwords. Quora has secured the services of several digital forensics and security companies to conduct thorough investigations, but to date the perpetrator(s) have flown under the radar. While it’s not something Quora has mentioned or admitted to, many security analysts suspect they may have cut corners regarding encryption and associated hash functions. While Quora has stated that all passwords were encrypted and hashed with a salt that varies for each user, they didn’t provide additional details about the type of hash function. According to Dan Goodin, a security analyst at Ars Technica, a technology news website, “The specific hash function matters greatly. If it’s one that uses fewer than 10,000 iterations of a fast algorithm such as MD5 with no cryptographic salt, hackers using off-the-shelf hardware and publicly available word lists can crack as many as 80 percent of the password hashes in a day or two. A function such as bcrypt, by contrast, can prevent a large percentage of hashes from ever being converted into plaintext.”
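To make the difference in the quote concrete, here is an added example (not from the original post, and not Quora's code) that stores the same passwords two ways: a single unsalted MD5 pass, and a per-user salt with an iterated key-derivation function. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt; the account names, passwords and iteration count are assumptions constructed for the demo.

```python
import hashlib
import hmac
import os
import time

# Assumed work factor for this demo; set it as high as your login latency allows.
ITERATIONS = 600_000

def weak_hash(password):
    """Single pass of unsalted MD5: fast to compute, so fast to guess."""
    return hashlib.md5(password.encode()).hexdigest()

def slow_hash(password, salt=None):
    """Per-user random salt plus many iterations of HMAC-SHA256 (PBKDF2)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt)[1], expected)

def cost_ratio(rounds=1000):
    """How many times more expensive one guess is under slow_hash."""
    start = time.perf_counter()
    for _ in range(rounds):
        weak_hash("guess")
    weak = (time.perf_counter() - start) / rounds
    start = time.perf_counter()
    slow_hash("guess")
    return (time.perf_counter() - start) / weak

# Constructed sample accounts; two users chose the same password.
USERS = {"alice": "Summer2018!", "bob": "Summer2018!", "carol": "tuna-salad-42"}

def demo():
    weak = {user: weak_hash(pw) for user, pw in USERS.items()}
    strong = {user: slow_hash(pw) for user, pw in USERS.items()}
    return {
        # Unsalted: alice and bob share a hash, so one cracked guess exposes both.
        "weak_distinct": len(set(weak.values())),
        # Salted: every stored digest differs, so each must be attacked separately.
        "strong_distinct": len({digest for _, digest in strong.values()}),
        "verify_ok": verify("Summer2018!", *strong["alice"]),
        "verify_wrong": verify("summer2018!", *strong["alice"]),
    }

if __name__ == "__main__":
    print(demo(), "cost ratio ~%d" % cost_ratio())
```

The salt is stored next to the digest in the user record; it does not need to be secret, only unique per account.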

The takeaway

Please stop using the same password for multiple sites and accounts. If it makes you feel any better, yes, I’ve done this. I’ve ignored and violated this widely publicized, oft-mentioned digital security tip. And there’s really no excuse for it. With the spate of password management tools available, you can create the craziest combination of words, numbers and symbols you’d like. That’s not to say it’s a security panacea, but it can greatly reduce password-related issues. If I’ve done it, you can, too. Now I can safely log in to Quora and submit this gem: “Do you use Miracle Whip or mayonnaise when making tuna salad?”

Security Concerns?

To find out how to secure your organization’s network, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From their Security and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.
