Sunday, October 9, 2011

Web Site Security Questions

Those questions your bank asks you to get your password unlocked and such. LIE. What is your mother’s maiden name? Spiderman. Yeah, that’s what I said. Spiderman. Even if they find your mother’s maiden name, a hacker can’t get in because you put in Spiderman. Pick a favorite movie and use those characters. Use their favorite color or high school mascot. Even use your favorite actor and use their personal data. You will NOT get in trouble for this. Your bank will not look in your profile and be like “Um, Ma’am, it has come to our attention you have lied in your security questions.” Never gonna happen. Who cares if you said you went to Hogwarts for high school. These are for YOU and YOUR security on YOUR accounts. The harder you have made it, the harder it is for someone else to guess. Through internet information mining, people may very well find out what your mother’s maiden name is. But jeez, it’s gonna be funny when they try. ’Cause nowhere, and I mean nowhere, will it say her name was Spiderman. Well, unless you go around telling everyone the funny story about how you put Spiderman in your security questions.

Don’t share any information, even with close friends. Yes, it’s OK for you to think I’m silly and your longtime friend won’t do anything. Who cares? You should. If you’re the only one that knows, you’re the only one that can get in. Well, within reason of course. It’s like practicing what you preach. You don’t want to only practice good security with your accounts out in public, then go home and break all the rules because you feel safe in your home. You are only as safe as you can possibly make yourself at your weakest point. And if you slack off at home, then all the other things you do are for nothing.

Saturday, October 8, 2011

Password Fundamentals

It seems that everything we do online requires a username and password, from banking to social networking, forums, and internet news groups. So many usernames and passwords, in fact, that it leads you to less security than you think. Who can remember 20 passwords, or what 20 sites they are for? Are you writing them down? Are you using the same passwords for multiple sites? This can be inherently dangerous, because if only one site becomes compromised then all the other sites you use can also be at greater risk. I want to cover a couple of practices and need-to-knows that will put you in a greater cocoon of security. This reduces the likelihood of you becoming a victim of an online crime, and keeps you safe from a possible data leak at the company you are trusting with your personal data.

I am sure you have heard of all the recent attacks on companies by groups such as Anonymous and LulzSec. These groups are hacking into big corporations that they feel have unjustly wronged those that they support. It is like a Robin Hood scenario, but in this cyber war, as in any war, collateral damage has occurred to innocent bystanders. When Sony was hacked, the usernames, passwords, credit card information and other valuable information were stolen by these groups and put out for all to see on the internet. Sony had to get identity theft protection for those involved and paid for those individuals to be able to get credit reports. Sony released public statements on what they believed was leaked, but no one can truly know what was done or stolen once you have been compromised. This is terrible, and no matter who you support in this, there is no reason for the innocent to be harmed.

Let’s say you have an account with XYZ.com and ABC.com. You use the same email address (which in most cases is the username), 12345@email.com. And because you have 500 other sites to log into, you use the same password for them all. Well, if site XYZ.com has a data breach and your information is leaked, then they now have your credentials to log into ABC.com as you. And if you use the same for DEF.com and GHI.com, they now have access to those. So let’s put this in the real world. If XYZ and ABC are Twitter and Facebook, they can spam people or get into your contact list. If DEF and GHI are your bank or investment site, you can be in big trouble. Hackers are evil and seem like a bad dream, but they are real people too. They know what top websites people are most likely to have accounts with.

So with their super hacker skills they have made programs that will take these databases of compromised information and try them all at these sites. Because little user interaction is required, since the programs will run while they are counting sheep, it is not too labor intensive for the hacker. His return on investment is great because he only needs to have 20-30 work out of the 100,000 he received via the deep dark places on the internet. If he only gets $100.00 from each of those 30 accounts, he is now $3,000 richer and he was all snuggled up in bed.

It’s time to break the routine of bad security. I will give you simple tricks and tips that will greatly reduce the possibility of you becoming a victim. There is no 100% sure way. There are only ways to reduce the chance of it happening. So let’s get started with the simplest way to increase your security know-how: your password. We need to make it easy so you won’t cheat and go simple, yet good enough to defeat simplistic password programs. General practice wants you to have a mix of lowercase, uppercase, numbers, and symbols. Then the longer it is, the better it is. It’s a game of math. The way the programs methodically attempt to guess your password can be truly put to the test. If your password is abcd1234, it could take 2 hours for it to guess. If your password is aBcD12#4!, it could take months, even years.
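The "game of math" worked through, as an added example (not code from the original post). It assumes a program that tries every combination, and it calibrates the guess rate so that abcd1234 falls in the 2 hours quoted above; the function names are made up for this sketch.

```python
import string

# Character classes the post lists: lowercase, uppercase, numbers, symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Size of the alphabet made of every class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def keyspace(password):
    """Candidates an exhaustive search must cover at this length and alphabet."""
    return alphabet_size(password) ** len(password)

# Assumption: a guess rate chosen so that the post's 2-hour figure holds
# for abcd1234. Real rates depend on the hardware and on how the site
# stores passwords.
BASELINE = "abcd1234"
GUESSES_PER_SECOND = keyspace(BASELINE) / (2 * 3600)

def years_to_exhaust(password):
    """Worst-case time to try the whole keyspace at the calibrated rate."""
    seconds = keyspace(password) / GUESSES_PER_SECOND
    return seconds / (365 * 24 * 3600)

if __name__ == "__main__":
    # The passwords used as illustrations in the post.
    for pw in ("abcd1234", "aBcD12#4!", "AbC$%Er13le"):
        print(f"{pw:12} alphabet={alphabet_size(pw):3} "
              f"length={len(pw):2} years={years_to_exhaust(pw):,.4f}")
```

One extra character and two extra character classes move the worst case from hours to decades. The model only covers trying every combination, so a password that appears in a word list or a leaked database gets no protection from these numbers.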

Here is a great way to keep bad guys out. Pick something rough: AbC$%Er13. Then say you use google.com. Yes, use the web site to help you. Take the last two letters of the name and put them in the password. So now you have AbC$%Er13le. This made it longer, and now it is specific to this one web site. If you do this for every site, you now have a different password for everything you log into. And you can write down the first part. Just don’t tell people your special secret for the end. I do not want to get into all the crazy math, but this has made it so that a password cracking tool could take years to crack it. They won’t go that long. They will just take the ones that were cracked in four hours. There is not a good return on investment if they go for years after your password, and by then you may even have changed it up to add in the first two letters instead. Yes, you want to switch it up once in a while. This also increases your security strength. So if your Twitter password is compromised, they cannot get into your Facebook because the passwords are different.
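To see what the per-site ending buys you, here is an added example (not part of the original post) that replays one leaked login against your other accounts, first with one password everywhere and then with the scheme above. The account data is constructed from the post's placeholder sites and email address, and the function names are hypothetical.

```python
def site_password(base, site):
    """The post's scheme: base password plus the last two letters of the site name."""
    name = site.lower().split(".")[0]   # assumes input like "google.com" -> "google"
    return base + name[-2:]

def exposed_by_breach(accounts, breached_site):
    """Other sites where the exact login leaked from breached_site also works."""
    leaked = accounts[breached_site]
    return sorted(site for site, cred in accounts.items()
                  if site != breached_site and cred == leaked)

# Constructed sample data using the post's placeholders.
USERNAME = "12345@email.com"
BASE = "AbC$%Er13"
SITES = ("XYZ.com", "ABC.com", "DEF.com", "GHI.com")

# Habit 1: the same password on every site.
ACCOUNTS_REUSED = {site: (USERNAME, BASE) for site in SITES}

# Habit 2: the post's per-site ending.
ACCOUNTS_PER_SITE = {site: (USERNAME, site_password(BASE, site)) for site in SITES}

if __name__ == "__main__":
    print("google.com ->", site_password(BASE, "google.com"))
    print("reused, XYZ.com breached:  ",
          exposed_by_breach(ACCOUNTS_REUSED, "XYZ.com"))
    print("per-site, XYZ.com breached:",
          exposed_by_breach(ACCOUNTS_PER_SITE, "XYZ.com"))
```

With one password everywhere, the XYZ.com leak opens all three other accounts; with the per-site ending, the leaked login matches none of them.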

Try it out. See what works for you. Your security will fail faster on your part if you become lazy with security. You cannot help it if one website gets attacked by cyber criminals. But now, if one password is out in the open for use, you have greatly reduced the impact to yourself.

Saturday, October 1, 2011

Public Wifi

Would you want someone looking over your shoulder and watching everything on your screen, or knowing every keystroke you make on your keyboard? No, I am not a guy sitting in my place with a tin foil hat. But this is what can happen if you use public wifi.

No, they are not literally watching you. But it only takes that one guy or gal in the coffee shop sitting there sipping their mocha frapa iced coffee. Yeah, that person you see once in a while at your local caffeine dispensary. They can be monitoring everything. I’m not going to get into all the voodoo magic that happens, but public wifi is like a public pool. You’re sharing the water. You’re sharing the fun. In order to accommodate every device with all possible settings or abilities, they have to set the wifi hot spot to wide open. So just like a public pool, everyone can see everything. What you normally keep private they can see, because it’s just wide open. So the guy with the goggles swimming across the bottom can see all the things floating in the water.

Now in a perfect world people will leave each other alone, mind their own business, and world peace is here. Well, we don’t live in that world. And if you log into your bank to check your balance, you can just expect that everyone else saw your username and password and now they have access to your funds. The scary part is that it really is just that easy on open public wifi. No, not every wifi is that wide open, but are you willing to take that risk?

So a good practice is to just do simple things you don’t mind sharing on an open public wifi. Check YouTube and watch silly videos. Browse news sites. Just don’t use anything that will require you to use a username and password. No Facebook, banking, Amazon, eBay, and nothing that could let someone into your personal things or life.

Things do get a little safer when you use a secure connection, like https in your URL bar instead of http. I will save that one for another day. I just wanted you all to be aware of the dangers of using open public wifi.