What is your password? Just kidding, don’t tell me, I will just guess and maybe get it right. Or I will easily hack into it with any number of programs available on the internet. We live in an age where one can search for anything on the web and receive information like how to build a bomb. ?Breaking passwords is easier, so be prepared.
Here at Computer Geeks we see it happen all the time. People call in asking for help recovering their email or even their log-in so they can access the computer, because the evil hacker guessed “monkey” and got it right. Stop these weasels before they really do some damage to your email or computer.
A computer security company called Duo Security ran a decryption of hundreds of thousands of passwords and was able to crack everyone of them, simply because they were “weak”. A weak password contains only letters and numbers, sure mixing them up with alphanumerals is good, but not enough.
Passwords seem like something to get it out of the way so you can sign up or log in fast. This attitude can prove to be fatal, as hackers can just as easily decrypt passwords like Duo did, but with evil intentions reek havoc on your personal files.
Some of the accounts that Duo cracked into were from federal and state government agencies, with employees providing weak passwords, anyone with a knowledge of hacking could have access to confidential information that is very valuable. If you think your email was one of the ones tested, go to this?Web-based tool to find out just type in your email address.
Personally I used to just put in a funny name or something relevant to my life that I could remember. I learned quickly that it is not what I can remember, but what someone who wants to access my files remembers. Now I am being safe by using letters, a symbol or two, and a number. This is the safest bet to ensure that hackers will at least have a harder time trying to get in.
The most common ways of hackers is to guess:
the user’s name or?login name
the name of a?significant other, a friend, relative or pet
birthplace or?date of birth, or a friend’s, or a relative’s
automobile license plate number, or a friend’s, or a relative’s
office number, residence number or most commonly, their mobile number.
a name of a?celebrity they like
a simple modification of one of the preceding, such as suffixing a digit, particularly?1, or reversing the order of the letters.
a swear or curse word
If you use the last one on this list, you might as well deserve to be hacked into and destroyed. But for the rest of you out there enjoying the a small sense of security when you login to accounts such as PayPal, online banking, or online stores with saved credit card information, it is time to open your eyes to the big picture. You know, the one where you are hiding in the corner because all your information was hacked into and used to buy all sorts of lewd and unexplainable items. This is something you could have avoided if you had heeded the advice given at Computer Geeks Blogs and changed the password to something like: ilovegeeks@123
It can’t hurt, but it will if you are not smart and leave the password at: “iamamonkey”
Remember Monty Python’s Flying Circus? One of the skits is done in a cafe where the only item on the menu is Spam. “Spam! Spam! Spam! Spam! Lovely Spam! Wonderful Spam!” sang the Viking patrons at the cafe. That is where all that nasty lunch meat reference of an annoying computer scam comes from.
Not many people are big fans of a can of Spam, there are some who enjoy the taste, but I do not know of anyone who likes electronic spam. Spam is spread out all over the internet and is designed to attack computers gathering information, data, or just giving them viruses. It began back in the 90’s with the use of email, spammers sending out thousands of bogus emails. Email providers even had to get a service that detected spam and sent it to a separate folder. But even that is not keeping out the crap as spammers find new ways to infiltrate and bypass security systems to annoy you even more.
I read in a message that a person had 493 messages that were spam, wow.
Today, botnets are software agents that run by themselves and are independent once they are set up by a hacker or spammer. They are sent out through distributed systems, systems that are autonomous and communicate with other computers in a network. Hence the name: ‘roBOT NETwork’. These robots are designed to infect your computer with trojans, worms, and other malicious wares.
In fact, the email botnets send out so much spam equaling 85-90% of all messages send and received!
Spam does not stop at emails, they reach out to instant messaging, social media such as Myspace and Facebook, and even blogs like Computer Geeks. I cannot tell you how many spam comments I get with bogus links to websites or just random words to fill and clutter the inbox.
The number of spam messages for the United States reached 6.6??Trillion this past year, they were second only to Brasil with 7.7 Trillion, and India came in third with 3.6 Trillion.
This is a costly business, spam means manpower, loss of productivity, and additional equipment and software, in 2007 the United States spent $13 Billion alone on combating it. What can you do at home to fight back against these bots? Not a whole lot.
These botnets are so numerous to name, trying to will give you a headache, which is exactly why they are designed. The infected computers, called “zombies”, send out all those annoying emails about Viagra or Cialis, or new products, or a girl who wants ?to have sex with you(check to make sure it might be a real one).
You might not even know it, but your computer could be infected and be sending out messages! Once the virus is installed, the “botmaster” can control is from anywhere. Recently a botnet named Rustock has become the biggest of the bots, controlling over one million bots sending out over 44 billion spam messages a day(Symantec study).
They are getting harder to detect too. These new botnets can be detected right away with the security softwares, so they are switching from carrying bulk messages to carrying smaller amounts so they can slip right by and into your inbox.
Bottom line, there will always be spam sent out in the billions every day. It is a fact of life, as long as internet exists, so will spam. Yum!
It does not come soon enough, this holy holiday, when depression rates soar and stress doubles during a a few months in the winter; yes, Christmas is here!
We all know shopping is done and the gifts are bought for our kids, friends, and loved ones, but this year it seems everyone is going online to shop. This brings up new threats to your security and new ways for those pesky thieves to get your money. Here are ways to protect against them and make sure the season is as jolly as it should be.
If you have kept on the blogs at Computer Geeks, you are one step above everyone who has not, because you know about phishing attacks. These are fake websites that grab your info without you even knowing it, usually by clicking on a link that goes to a website set-up by a hacker. During the holiday season, these attacks increase ten fold because people are ignorant to phishing, thus making it easy to hack into your credit or debit card information as they surf and shop. Be careful, be aware, check the URL that loads from a link on website or email-make sure it matches what the address bar says.
While you are looking for the coolest toy or newest video game that your kid just has to have, before you fill out the form of payment with your credit card information, check the website for signs that verify that it is secure. First look at the address bar, look at the beginning of the address: if it has HTTPS you are good. Also look on the bottom of your browser, it usually has a locked padlock to show that it is secure. Most big sites like?Amazon, EB Games, and Best Buy?actually have certificates of security on their sites.
Here is a good one, forget using debit cards unless you are okay with putting information such as access to your bank account. Use credit cards.
There are certain security questions that a site might ask you, like where you have previously lived, answer them. These are designed to make sure you are who you say your are.
Attacks happen all the time on the internet, you may think it won’t happen to you, until it happens and ‘what are you gonna do’ is all you can say. Don’t be that schmuck, take action. Arm yourself with sufficient facts that will keep you safe this holiday season. When you are spending all that money on things that will probably become trash in a couple years, remember that there are people out there with the means and the will to access your information. But they cannot if you know what to look for.
That is our goal, my goal in this blog, to educate the masses of people out there of the risks posed by the internet. It is a scary world today, and today’s world is online, so what are you doing to protect yourself?
Turn on the computer, wait a couple minutes for it to load up, click on your internet browser, and enter into a world where anyone can see where you are and what you are doing. Sure, we keep our business and personal life separate right? That is why we have “personal” and “work” computers, but there is a big difference as to how the meaning of “personal” actually is true. You cannot go anywhere now without being taped, you are tracked by purchases and paper trails, and now it seems that the little privacy you had left is gone.
Wish you could put the “History” behind you? After you click on your internet browser and start to surf around the web, everywhere site you visit is recorded and saved, making it very easy for people to find out what you are up to. You might be saying to yourself, “Yes this may be true, but not for me because I am a virtuous person, there is no need to worry about someone finding out my History!” That’s nice, but what we are talking about is the fact that people can get into personal files that could hurt you regardless of the porn sites or other personal adventures that might make you look bad.
Let us say that you use a payment service online that transfers money to your bank account. By the hackers finding out this information, regardless of the fact that reloading the page won’t work, they may have the means to get into that site with your personal log-in information. Feeling scared yet? I am, because I use this very system and preventing something like this is crucial.
Luckily, Google Chrome,?Mozilla? Firefox, and Apple’s Safari have taken these preventive measures by not allowing for JavaScript to run in your browser. Phew!
There is a name for people who snoop around your personal information: history sniffing.At University of California, San Diego, researchers have discovered 485 of the 50,000 of the most popular websites are exploiting a flaw that allows them read your browser’s web history.
Notice how you click on a blue link, revisit the site and the link has turned purple, marking that you have already clicked on this link. What hackers can do is hide links on a certain website, say for example to Facebook or Twitter, then use the spying sites to use JavaScript code to find out the color of the links are.
JavaScript coupled with the use of Cascading Style Sheets, a common website language, make it very easy to track where you have been on the internet. Some of those 485 sites actually download your entire web browsing history! Whether you are doing illegal activities or you are a saint that only uses the internet to write emails, the fact that people can find out this information is kind of creepy. There is no privacy anymore, especially in the computer world, where history hackers are getting into the “trash” and checking out personal files.
This threat has been an on-going concern for web browser developers and security experts for the past five years. It is a very serious threat because it involves you and me, the victims when a hijacker takes over the computer without us even knowing what hit us.
Hackers can easily snatch up all the cookies in the jar. HTTP cookies are the reason we have anti-spyware, malware, and weaknesses in the wall against attack from invaders. They leave a trail of information, since they are basically text files saved by the web browser, a hacker can follow the trail towards sensitive, personal information saved from the internet. Here is a couple tricks the hackers will use to pull your pants down, no one wants to be caught with their britches hanging out in the wind, so Computer Geeks will tell you how to prevent this from happening too.
Session Fixation: A session is when you log onto the internet, either through LAN or Wireless. The fixation is sending a link that will set the user’s session id once the user logs in. Once this is done, the hacker has easy access to that user’s computer.
Sidejacking: This is a common attack from hackers where they sniff out the packets of information being sent back and forth between two parties and steal the session cookie. While many sites encrypt the login password at the homepage, the rest of the site is often unrestricted, allowing hackers to intercept the information that the user might think is secure yet little does he know…a hooded, sniveling little junior high genius knows this is his in, his entrance into your computer. WiFi are vulnerable and are perfect for hackers to run around hijacking your browser and stealing all the files you thought were safe.
Cross-site scripting: Another widely used and widely damaging attack by hackers who want to hijack your computer is by a trick. The trick is by fooling the computer into thinking the code is trusted, meanwhile it is malicious and once in your computer-devastating.
Man-in-the-Middle: The worst one of all. Let’s set the stage for this attack: Two people are involved in a private conversation online about matters that do no need to be heard by anyone else. On the side is a third party, an unknown party that could benefit from the information being said between the two people. All the third party has to do is wait for one of them so send the public key, and once that is intercepted, the third party can impersonate the two people and take complete control of what is talked about. Scary. The best way to prevent this is to put passwords on public keys so that when you are using WiFi, it is not open for hackers to jump right in.
We talked about the different types of hijacking, now let’s talk about preventing them.
Use a long, random number as your session key, this stops the hacker from guessing the key through trial and error. Encrypting your session is a good way to waylay attackers by creating complicated algorithms that will make the sensitive information only readable to you and others who have the key.
One simple and easy tip that Computer Geeks will leave you with: log out when you are done with a session, it will save your life.
