July 30, 2010

You are here: Home / Archives for online safety

More Thoughts About Passwords

October 26, 2009 By Steve 1 Comment

I really should have knocked on wood when I wrote about passwords last week. I was practicing what I preached and knew that I was safe. But sure enough, my old Yahoo email account was just hijacked.

I stopped using this account after I signed up for Gmail, and it had some really old contacts in it. At one point a while back, and after not logging in for over a year, Yahoo sent me an email saying that the account was going to be deactivated. So I logged back in, deleted old messages, contacts, etc, and moved on.

But apparently, those old contacts were not actually deleted. They must have remained somehow linked to the old account, and available to anyone that would be able to hijack it. When whoever or whatever hijacked the account, they were able to send an email to all the contacts linked to the account and make it appear that it was sent by me. The email contained a hyperlink to a program that could be harmful to your PC.

I’m still trying to contact the folks that may have received the malicious email and make sure they are OK, and so far it doesn’t look like anyone was hurt.

Here is a summary of what this episode teaches us. I think it applies to everyone.

  • Just as in the real world, you are never 100% safe. You always need to be on guard.
  • Old accounts that you no longer use may still contain data that could be useful to hackers.
  • Make sure that the passwords you choose for ALL online email accounts are the strongest possible. They should contain at least 8 characters, have no dictionary words or other recognizable patterns and be a mix of alpha, numeric and symbol characters.
  • Make sure your anti-virus and anti-spyware programs are working and contain the most recent updates.

For more information on good password selection, Thoughtpick.com has a very good article on creating strong passwords.

/Steve

Filed Under: Featured Articles, Online Safety Tagged With: ,

Passwords – How Safe is Your Online Information?

October 20, 2009 By Steve Leave a Comment

Your online security is only as good as your password. You probably make regular visits to dozens of sites that require passwords, so keeping track of them can be a chore. Dealing with so many passwords causes people to do some very unwise things. They might write them down, or store them on a computer file, or even use the same password for everything. All of these defeat the purpose of passwords and can result in compromising your important data.

Recently, an anonymous user posted 10,000 usernames and passwords that had been lifted from Windows Live Hotmail accounts. An online internet security company analyzed these passwords and found some very distressing trends.

  • The most common password was ’123456′
  • The second most common password was ’123456789′
  • Many passwords were people’s names
  • Only 6% used strong passwords which contain a combination of alpha, numeric and other characters

With the requirement for so many passwords, how do you keep track of them?

Security experts say that passwords should use a combination of letters, numbers and other characters and shouldn’t include names, dates or dictionary words. They also say that you should change your password frequently. It’s no wonder that people feel they have to write them down.

Here are some simple rules and tips to help you with coming up with secure passwords and then remembering them when you do:

  • Make Passwords Hard to Guess but Easy to Remember
    When establishing passwords, think of a short phrase that only you would remember and make an acronym. For example, “I Love The Rain” would yield ‘iltr’.  Now, capitalize one or more of the characters and you have ‘iLtr’.  Using this method, you will come up with virtually unguessable passwords.
  • Develop Several ‘Core’ Passwords
    The previous tip will result is a ‘core’ password. Adding at least two numbers and a special character will result in a very strong password. The numbers you use can be from a phone number, address or date. Varying where you put the numbers and special characters will make the password even more secure.
  • Never Compromise Your Password
    Make it hard for hackers and never write your password down. If you sign up for a service that sends you an email confirmation with your password printed in plain text, change it immediately. Never give your password away.  If your password is out of your control, so is your personal information.
  • For Low Security Sites, Use the Same Password
    Sites that don’t store any personal information don’t pose much of a security risk. If you find that you may need to enter personal information later, change your password to make it more secure.
  • Use Extra Security for Financial Passwords
    Each financial site should ALWAYS have its own password. These sites can result in the most risk if your account is compromised. Select the most secure password you can and change it monthly.

/Steve

Filed Under: Featured Articles, Online Safety Tagged With: ,

Router Basics

October 11, 2009 By Steve Leave a Comment

RouterA Router is a networking device that directs the flow of data along networks. Routers are connected to at least two separate networks, commonly two LANs (Local Area Network) or WANs (Wide Area Network) or, as in your home network, your LAN and the Internet. Routers are also known as gateways, located where two or more networks connect, and are the critical device that keeps data flowing between the networks.

The routers we use in our home networks are sometimes referred to as “residential gateways” and are frequently used to connect to a broadband service over cable or DSL. These routers may also include an internal cable or DSL modem. Residential gateways typically provide firewall functionality through network address translation (NAT) and port address translation. Instead of directly presenting the IP addresses of local computers to the remote network, such a residential gateway makes multiple local computers appear to be a single computer. In terms of home network security, your router is the mask you wear, effectively hiding your real identity from the internet.

This article provides a very simplistic definition of a router. The router performs an amazing amount of work behind the scenes, and is the device that is most responsible for allowing the Internet to work at all.

Filed Under: Home Networking Tagged With: , ,

Firewall Basics

October 10, 2009 By Steve Leave a Comment

FirewallDiagram-smallSimply put, you are playing with fire if you aren’t using a firewall to protect your PC and home network from unauthorized access from outside your network.

The term “firewall” originally referred to a physical barricade against the potential spread of fire. In home computing terms, a firewall is a component of a computer or network that acts as a barrier between your home network or PC and the Internet. The firewall blocks unauthorized access while allowing authorized access to your systems. Firewalls can be hardware devices or based in software, both serving the same function.

Firewalls work by inspecting all traffic, both inbound and outbound, and deciding whether the traffic is denied or allowed passage based on a set of pre-established rules or policies. These rules and policies can work in one or more of several methods:

NAT – Network Address Translation
NAT is a method of connecting multiple computers to the Internet (or any other network) using one IP address. NAT allows one IP address, which is shown to the outside world, to refer to many IP addresses internally; one on each PC. NAT automatically provides firewall-style protection without any special set-up because it only allows connections that are originated on the inside network.

Packet Filter
Packet filtering blocks traffic based on a specific Web address (IP address) or type of application (e-mail, ftp, Web, etc.) .

SPI – Stateful Packet Inspection
SPI tracks the data to ensure that the inbound data were requested by the user.

Refer to your router’s user manual for instructions on how to set up your firewall. There are many online resources that discuss some of the more complex issues with firewalls, but for most home network users, the default settings will provide a very high level of security.

Windows comes with a built in software firewall that you can turn off if using a hardware firewall. Microsoft, however, recommends that you leave it on to provide protection if one of the PCs on your home network should become infected and start sending out malicious data.

/doc

Filed Under: Home Networking Tagged With: , ,

Phishing

October 7, 2009 By Steve Leave a Comment

phishing-smallYou know it can’t be good when Microsoft reveals that more than 10,000 Hotmail users may have had their private information compromised through recent Phishing scams.

Phishing is the act of illegally attempting to acquire sensitive information such as usernames and passwords by posing as an otherwise trustworthy entity through email or other electronic communication. I can’t verify for certain where the term came from, but there seems to be a consensus that it is derived from “Password Fishing”. Seems appropriate.

A Phishing attempt usually begins with an email that mentions some dire emergency that you must take care of. Recent examples are:

  • Your PayPal account may be closed if you don’t visit the hyperlink that is provided…
  • Your bank account may have been compromised and you need to enter some personal information for verification…

Chase Bank has some good examples of what some of these emails can look like. Click here to check them out.

There are many more, but in most cases there is a hyperlink that will take you to an official looking website that is really a fake site designed to resemble the site you think you are on. The Phishing scheme is to get you to enter information that they want into an online form.

You need to use the same caution online as you do in the physical world. Be aware of your surroundings, don’t talk to (or trust) strangers, and keep a low profile.

Be suspicious of any online communication that tells you that something big (good or bad) will happen if you don’t click on the supplied link and take care of it. If you’re not sure, instead of using the link that is provided, go to the site using its official address and attempt to ascertain if there is really a problem. Many times, the institution will have information about the scam on their home page.

/doc

Filed Under: Digital Lifestyle Tagged With: ,
« Older Posts