Barely three months after I first touched on this topic, we heard earlier this week that the Singapore Government’s SingPass access system to all government resources – IRAS for personal and corporate tax, CPF, MOM and many, many more – has been compromised, with the IDA initially blaming users for having weak passwords. Yes, we users play a big part in ensuring the online resources we access remain secure, but a number of questions have to be raised:
a. How does the IDA know whether users have weak passwords – why are they privy to this information?
b. Why are users permitted to create weak passwords in the first place? There are numerous mechanisms easily available to website developers to enforce strong passwords.
c. How does a brute-force attack trying very large numbers of passwords in a very short space of time bypass intrusion detection systems? Do these even exist?
It seems to me that simply ‘refining’ the system after such an event is a little on the light side of an appropriate response. Instead, what we probably need is a major overhaul on an emergency basis. To date we’ve been told that only about 1600 of the three million accounts have been compromised, but how many more will be compromised now that the possibility of doing so has been highlighted to the global hacking community?
Call to Action:
- Check your own SingPass account NOW.
- If you have not changed your password recently, do it NOW.
- If your password is not complex, change it NOW.
PASR Technologies has been providing SME business owners with a level of service and support that is typically only directly available in very large organisations.