Tuesday, 25 February 2014

63. Why You Should Take Your Passwords Seriously



I have touched on this subject in previous articles but make no apologies about repeating it. YOUR PASSWORDS ARE OFTEN YOUR ONLY SECURITY ON SENSITIVE SITES SUCH AS BANKS AND INVESTMENTS. Read the article and take note. Even after banging on about this aspect of security for a long time, my own “very secure” password was compromised on my email account a couple of months ago :-

Unfamiliar messages. Passwords that no longer work. These are just two of the many clues that cybercriminals have gotten a hold of your password and broken into your account.

With the password compromised, the first step is to regain control over the account by changing passwords and checking configuration settings to make sure nothing has changed. However, if the root problem (how the passwords were successfully stolen) is not fixed, then the accounts will just get compromised again and again. That’s why it’s important to take your passwords seriously and to make sure they are strong.

Passwords are immensely valuable, whether they are for email, e-commerce sites, or even “just” a social media platform. Criminals aren’t after your Spotify passwords because they want to see who your favorite artists are. They are banking on the high likelihood that the same password will unlock your email, retail Website, or even your work network. Considering the number of people who re-use their passwords across multiple sites, there is a good chance that someone’s Twitter password is the same as that person’s online banking password.


This is why it’s important to have a unique password for every account and service. If attackers do manage to steal one password, at least the damage is limited to just that site, instead of impacting multiple services. It’s also important to recognize how cybercriminals steal the passwords in the first place and avoid those scams from the start.


How Cybercriminals Steal Passwords
Cybercriminals employ several methods to steal passwords. They can use stealthy malware, tricky social engineering techniques, or just plain brute-force to guess the password. Whichever method they use, the goal is the same: gain access to as many user accounts as possible.


Malware:
All it takes to infect a computer with malware is one person opening a specially crafted attachment, or clicking on a booby-trapped link in a spam message. Cybercriminals send out spam messages promising special deals on luxury goods, offering exclusive details on current events, or the latest gossip on celebrities to trick people into clicking on links. Or they craft emails using basic social engineering tricks to convince users the emails are legitimate, such as pretending to apply for a job, sending delivery notification messages, or even using data mined from social media sites and pretending to be an acquaintance.

The malware likely installs a keylogger component on the computer, which captures every keystroke typed, whether it’s an email message or every single login credential for every single site the user visits. Once the keylogger is installed, the criminals can easily harvest every password ever entered. This is why it is important to keep the security software regularly updated and to scan the computer regularly for malware.


Phishing:
Phishing is a form of social engineering that is very effective. Attackers craft a message that appears to be from a legitimate brand, such as your bank, or well-known sites such as eBay and PayPal, or even a corporate site. When the user clicks on the link, they see a Website which looks like the real thing—maybe the logo on the page is the same. The user thinks it is a real site and enters their login credentials. All the information typed on the bogus site goes directly to the criminals, and the user often has no idea that the password, and now the account, has been compromised.

This is why it is important to be wary of messages in the inbox, to avoid clicking on links in email messages, and to scrutinize all sites to make sure the site is real. Checking the URL carefully is a good way to screen out bad sites, such as www.fcebook.com.
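The URL check described above can be automated. The following is an added example, not part of the original article: it compares a link's host name with a short list of sites the user really uses and flags near-miss spellings such as www.fcebook.com. The TRUSTED list, the function names and the distance threshold of 2 are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: sites this user really has accounts with (brands named in the article).
TRUSTED = ["facebook.com", "ebay.com", "paypal.com"]

def edit_distance(a, b):
    """Levenshtein distance: fewest single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # swap a character
        prev = cur
    return prev[-1]

def hostname(url):
    """Lower-cased host of a URL or bare address, without a leading 'www.'."""
    if "//" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(url, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', matched brand or None)."""
    host = hostname(url)
    for brand in TRUSTED:
        if host == brand or host.endswith("." + brand):
            return ("trusted", brand)
    # Simplification: treat the last two labels as the registered domain.
    registered = ".".join(host.split(".")[-2:])
    words = set(host.replace("-", ".").split("."))
    for brand in TRUSTED:
        if edit_distance(registered, brand) <= max_distance:
            return ("lookalike", brand)       # near-miss spelling
        if brand.split(".")[0] in words:
            return ("lookalike", brand)       # brand name used on another domain
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed sample addresses; only www.fcebook.com comes from the article.
    for url in ["www.fcebook.com", "https://www.facebook.com/login",
                "http://paypal.com.account-check.example/", "https://example.org/"]:
        print(url, "->", classify(url))
```

A result of "unknown" only means the address resembles none of the listed sites; it says nothing about whether the site is safe.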


Password Cracking
Cybercriminals may just try to brute-force the password, operating on the assumption that the password is not so complicated. Many users still make the mistake of selecting simple passwords, such as ‘123456’ or ‘password.’ If the password is a common word that can be found in the dictionary, or a simple sequence of numbers and letters, there are cracking tools that can figure out the actual password. This is why it is important to select unique passwords that are complex, such as having both lower case and upper case letters, symbols, and numbers. Passwords should also be long, to make them harder to crack.
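The advice in this section and in the earlier paragraph on re-used passwords can be checked together. The following is an added example, not part of the original article: it audits a set of passwords for the weaknesses the text names (common words, simple sequences, short length, missing character types, re-use across sites). The 12-character minimum, the site names and the sample passwords are assumptions constructed for illustration.

```python
import string
from collections import defaultdict

# The two passwords the article names; a stand-in for a real common-password list.
COMMON = {"123456", "password"}
MIN_LENGTH = 12   # assumption: the article only says passwords should be "long"

def is_sequence(pw):
    """True for runs such as 123456, abcdef or 654321."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) >= 3 and steps in ({1}, {-1})

def char_classes(pw):
    """Which of the four character types the article lists are present."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }

def audit(accounts):
    """Map each site to the list of weaknesses found in its password."""
    sites_by_pw = defaultdict(list)
    for site, pw in accounts.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in accounts.items():
        issues = []
        if pw.lower() in COMMON:
            issues.append("common")
        if is_sequence(pw):
            issues.append("sequence")
        if len(pw) < MIN_LENGTH:
            issues.append("short")
        missing = [name for name, present in char_classes(pw).items() if not present]
        if missing:
            issues.append("missing:" + ",".join(missing))
        others = sorted(s for s in sites_by_pw[pw] if s != site)
        if others:
            issues.append("reused:" + ",".join(others))
        report[site] = issues
    return report

# Constructed sample data, not real credentials.
SAMPLE = {"spotify": "Sunshine2014", "email": "Sunshine2014",
          "bank": "123456", "forum": "vT9#qLr2!mWz8&Kd"}

if __name__ == "__main__":
    for site, issues in audit(SAMPLE).items():
        print(site, "->", issues or "no issues found")
```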

Attackers will continue to employ various techniques to try to get their hands on user passwords. By employing better password hygiene, users can protect themselves from attack, and minimize the damage even if the password does get compromised. Passwords aren’t perfect, but unless something better comes along, make sure your passwords are all unique, complex, and long.


Reproduced from the Zone Alarm Blog
 

Wednesday, 5 February 2014

62. More news on Windows 8


A few weeks ago I mentioned that the next version of Windows was expected to be called Windows 8.2 and would probably arrive in October – exactly a year after Windows 8.1 and two years after the original Windows 8. That all seems sensible and logical, but it now also seems to be wrong.

A new version of Windows is indeed on the way, but it’s due to arrive in April. And rather than being called Windows 8.2, it will apparently go by the exotic name of ‘Windows 8.1 Update 1’. From that name and the speed of its arrival, we can surmise that there won’t be a great deal that’s new or notable about it.

For something new (and hopefully notable), we have to wait until April 2015 and the release of what really should be the next version of Windows. Although Microsoft isn’t commenting publicly about it, there’s no doubt that some private commenting has been going on, and the rumours have a ring of truth.

The first rumour is that 2015’s version will be named ‘Windows 9’. The change of name obviously helps to emphasise that this version really is new, but there’s little doubt that Microsoft is keen to shed the name ‘Windows 8’ and its negative associations.

The second rumour is that the Start menu is coming back, and the third is that the new-fangled ‘Modern UI’ apps which currently fill your whole screen will be able to run in ordinary windows on the desktop, just like all the other programs we’ve been using for decades. In essence, then, the rumours hint that Windows 9 will herald a return to a more-familiar Windows.

More generally, they suggest that Microsoft is back-pedalling furiously on its earlier plans for Windows. The whole point of Windows 8 was to expand Windows’ reach to encompass tablet computers and other touch-screen PCs, but the plan has misfired badly: most tablet users are choosing an Apple iPad or one of the many Google Android devices, while ordinary PC users have decided that Windows 8 is designed for tablets so it’s no use to them.

This perception of Windows 8 isn’t likely to change between now and April 2015 and that means three wasted years for Microsoft. In that time, Apple and Google have sewn up the market for tablets and smartphones between them, leaving Microsoft with just the dwindling PC market – the same market it had before, but now feeling rather ignored and let-down.

The one ray of hope on Microsoft’s horizon is that no-one is yet competing with Windows on ordinary PCs. Millions of PC users are drumming their fingers and waiting for a version of Windows they feel is designed for them. Windows 9 really has to be that version; the big question is whether Microsoft is willing and able to deliver it.


From PC Tips for Seniors www.pcforseniors.co.uk.



----------------------------