Comments on Sales, Social and Tech: Onus Is Still On IDA To Keep Our SingPass Safe
Blog author: Aaron Koh

Unknown, 2014-06-06T14:27:19.694+08:00

Even if this is an "innocent" breach, this incident would have alerted real hackers to probe for other weaknesses. Although I am not an IT-security guy, I can think of two simple weaknesses.

First: Using our IC No as a default ID already simplifies half the task for hacking since it's not difficult to obtain lists of valid ICs, with the check alphabet, e.g. just get hold of a bunch of entry forms for supermarket lucky draws. So only need to guess the password.
Secondly: Get entry into the sign-in database of a large corporation in SG, e.g. telcos, banks etc. with large online user base. Take the IC numbers, telephone numbers and passwords, cover tracks and exit. Use this list to hack into SingPass. Many users tend to use the same password so there will be a reasonable hit rate that the attack will not attract suspicion.

Conclusion: letting us use IC No is a user-friendly idea but since IC numbers are not randomly generated, the security regime needs to be thought through even more rigorously, such as making it compulsory for those who retain the IC as default to register their handphone to receive an SMS code for transaction validation (and for the occasion when you lose your phone and urgently need to use SingPass, allow you to register your home phone or alternative mobile to receive a call from their call centre etc.).

Anonymous, 2014-06-06T12:27:16.787+08:00

This happens only once in 50 years. But the Mat keeps making stupid comments almost every day