Monday, November 29, 2010

3 Net Security Tips I Fail to Follow

Yesterday’s denial-of-service attack on Wikileaks got me thinking about computer security and what I should be doing differently. That attack used a different method (essentially too much traffic at once), but most end users, if attacked, will fall prey to a password attack, so let’s start there. The fact that even Wikileaks, an uber-secret place where security is paramount and many bright minds work, was vulnerable to a known method underscores just how insecure we may be online.

In a separate recent Apple Store fiasco, Gawker reported that many store users who had their iTunes linked to PayPal, which was then linked to their bank account, were defrauded out of their savings. It is reported that many accounts were cleared entirely. It’s not known right now where the actual security breach occurred: were the Apple servers actually compromised, or were only the low-hanging fruit of users with bad passwords targeted? Either way it is a cause for concern, and net users should make sure to protect themselves out there.
See below for some tips that you may find helpful. Have one of your own? Share it in the comments section.

Your primary email needs a unique, robust, and secure password.
For scammers and phishers, the key to the city (your city) is gaining access to your primary email account. From there they can simply click the “lost password” link on your favorite websites to reset your password. This makes the damage twofold: not only is someone posing as you online, they have also locked you out of your accounts. It can take months, or even years, to fully recover from an email intrusion. A good email password should not be shared with any other accounts, should not include “known” information such as birthdays, and should include numbers and special characters such as $ or #.
I fail here in that while my password is very secure (something along the lines of L337h@x0r) I do share it with a few other accounts.
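
The three rules from this tip, written as a small audit over a list of accounts. This is an added example, not part of the original post; the function name, the sample accounts and the personal facts are constructed for illustration.

```python
import re

def audit_passwords(accounts, known_info):
    """Check each account's password against the three rules in the tip above.

    accounts:   dict mapping account name -> password (constructed sample data)
    known_info: personal facts an attacker could look up (birthdays, names, ...)
    Returns a dict mapping account name -> list of findings (empty = passes).
    """
    # Rule 1: the password must not be shared with any other account.
    users_of = {}
    for name, pw in accounts.items():
        users_of.setdefault(pw, []).append(name)

    findings = {}
    for name, pw in accounts.items():
        issues = []
        shared = [other for other in users_of[pw] if other != name]
        if shared:
            issues.append("shared with: " + ", ".join(sorted(shared)))
        # Rule 2: no "known" information. Compare case-insensitively and
        # ignore separators so "1984-03-07" also matches "19840307".
        squashed = re.sub(r"[^a-z0-9]", "", pw.lower())
        for fact in known_info:
            token = re.sub(r"[^a-z0-9]", "", fact.lower())
            if len(token) >= 4 and token in squashed:
                issues.append("contains known info: " + fact)
        # Rule 3: must include numbers and special characters.
        if not re.search(r"\d", pw):
            issues.append("no number")
        if not re.search(r"[^A-Za-z0-9\s]", pw):
            issues.append("no special character")
        findings[name] = issues
    return findings

# Constructed sample data, not real credentials.
SAMPLE_ACCOUNTS = {
    "email": "L337h@x0r",
    "forum": "L337h@x0r",
    "bank": "rover19840307",
    "photos": "t4ble$Lamp#River",
}
SAMPLE_KNOWN = ["Rover", "1984-03-07"]

if __name__ == "__main__":
    for account, issues in audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_KNOWN).items():
        print(account, "->", issues or "ok")
```

A password can pass the character rule and still fail the audit: the sample email password has numbers and a special character but is flagged because another account uses it too.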

Always password-protect your computer.
Password-protected computers aren’t just for Enron execs and cheating husbands anymore. Far from it: all computers should require a password to log on, restart, or wake from sleep. This increases your online security in two ways. First, a password will protect you from “real world” snoops and prying eyes. Second, simply having a password will prevent most spyware, viruses, and other malware from harming or hijacking your computer. Almost all of these programs require administrator privileges to run, so if your computer requires a password prompt you should be in the clear.
Here I again fail, but this time I at least fail with an asterisk. I do not password-protect my home computer, but since it is an Apple there are very few malicious programs targeting it. Still, I should do better.

Even the weakest part of the chain must be secured.
The credentials to your NetGear router are Admin/Password. If I had to guess, the IP address is 192.168.0.1. Surprised? You shouldn’t be… why would NetGear make a default password and IP address especially for you? All areas of your network should be considered possible entry points for intruders and must be given secure passwords. Consider when you check your investment portfolio online: if your financial institution is like mine, it requires you to have a robust password, a unique username, and perhaps even a site key. Very secure. However, if you didn’t change that router password, your neighbor could simply connect and learn these credentials as your data is passed through from your computer to the router to the modem. You didn’t even make it to cyberspace and already your personal information has been compromised.
And yes, my home router is still set to Admin/Password.
Stay safe out there friends!

The above article contains helpful hints that may work. It is not a substitute for one-on-one professional advice.
