Possibly a rather lightweight topic this one, but at the time (and frankly since) it was certainly in the news. The topic? Websites getting hacked, having customer data downloaded, including passwords. Sometimes the hacks are really simple, and I talk about a couple in the article: SQL Injection (which, even after all this time, is still one of the primary ways to hack a website) and XSS (cross-site scripting). Sometimes users bring the problems upon themselves by, say, having the same passwords for several sites (your password then is only as safe as the security at the weakest site). I also talk about the need to salt-and-hash passwords in your database if you are a website developer, and the need to use a good password manager if you are a user.
This article first appeared in issue 311, August 2011.
You can read the PDF here.
(I write a monthly column for PCPlus, a computer news-views-n-reviews magazine in the UK (actually there are thirteen issues a year — there's an Xmas issue as well — so it's a bit more than monthly). The column is called Theory Workshop and appears in the Make It section of the magazine. When I signed up, my editor and the magazine were gracious enough to allow me to reprint the articles here after, say, a year or so.)