Securing your online passwords

On ABC Sydney we look at how you can make your passwords more secure

Every Internet user has to struggle with the burden of passwords as we’re expected to remember dozens of log in details for various websites and computer networks.

As we’re seeing though, passwords aren’t that effective with universities and private companies being hacked on a regular basis. The problem is so bad banks are considering moving to fingerprints to replace PIN and password logins.

Even if passwords are going to become irrelevant as we move to biometric logins like fingerprints and iris scans they aren’t going away quickly, so how do we protect our important online accounts?

Use different passwords

One of the key ways to protect yourself is not to use the same passwords for every site. Some critical sites, like your online banking and email, need protecting with strong passwords while others like social media sites don’t require such tough security.

As we’ve seen with various security breaches, most notably the continual Sony hacks of 2011 and the deeply embarrassing Stratfor leaks, even the strongest passwords are useless if some dill leaves them on an unprotected server.

Use strong passwords

For the sites that matter, make sure the passwords are strong. You’ll find how to make memorable, easy to use and strong passwords on the Netsmarts site.

You don’t need to use strong passwords on every site. For websites that only require registration to access them, you might want to fall back on the much-maligned “password” or “12345”.

Change default passwords

Most of the hacks on university and corporate networks happen because the default passwords on servers aren’t changed. This was also how News International workers broke into British mobile phone message banks. When you get a new phone or tablet computer, make sure you change the basic passwords that have come with the device and any associated service.

Update your systems

One of the biggest vulnerabilities for home and business computer systems is unpatched systems. Malicious websites, viruses and various tricks use known weaknesses in computer systems to bypass security measures. This applies to Apple Mac users as well.

Consider two factor authentication

Two factor authentication involves having double security. This could be a password linked to an SMS or a special one-off code. Services like Gmail offer this, as do many corporate networks and banks.

Be careful linking social media services

A bigger risk than hackers is phishing where someone tricks you into giving away your password. This has become very common in hijacking social media accounts.

If you’ve linked various social media services together then one being compromised can mean bad guys have access to all of your accounts, so be cautious about what applications you allow to connect with your Facebook page or Twitter account.

For businesses

Cyber security is critical for business. It’s been estimated that one in six companies that have been compromised will fail as a result of the breach, and a credit card lapse can be expensive as well as embarrassing.

The Australian government’s Defence Signals Directorate has an excellent guide to securing computer networks. The DSD’s research shows that just following four basic rules will prevent 85% of attacks.

We should also keep in mind no security system is perfect. Just as your car doors or home can be broken into by a determined thief, the same is true of computer networks: a skilled operator with enough time and resources can beat even the toughest cyber security regime.


ABC Nightlife Computers: The state of tech

July’s ABC Nightlife tech looks at viruses, online frauds, security and social media

Join Paul and Tony Delroy to look at some of the trends and events that are affecting how you use phones, computers and internet in your home or business.

A lot’s happened in the tech world over the last few weeks – Facebook has gone from the web’s golden business to being shunned, new tablet computers have been launched and we’ve had a virus threaten to knock people off the Internet.

If you missed the show, you can listen to it online through the Nightlife website. Some of the topics we looked at included:

  • So what was the DNS Changer Trojan? Did the FBI really take over a criminal computer network?
  • Could a virus really damage computers and bring the Internet to a halt?
  • Is it true the US, Israel and North Korea are using viruses to attack other countries’ computers?
  • Should we worry about viruses on smartphones and tablet computers?
  • What about virus hoaxes? There’s a good one going around about Facebook at the moment?
  • Both Microsoft and Google have launched new tablet computers, will they knock off the iPad?
  • Microsoft’s tablet is going to run the new Windows 8 operating system, how does that look?
  • Facebook seems to have gone from hero to zero since they launched on the stock market. What happened?
  • There’s been some pretty serious Facebook privacy changes recently, what should people watch out for?
  • Microsoft have had some big security updates this week, what are they?

For the Microsoft updates we mentioned, the major security updates can be downloaded from the Windows Update page or the Automatic Updates in Windows Vista and 7.

Windows 7 and Vista users should also disable the desktop widget feature. Microsoft have two Fix it tools available for download and users should run both.

Listeners’ questions included the following problems:

Alternatives to Outlook Express

George was looking at upgrading to a new version of Windows that doesn’t have Outlook Express included but still wants a computer based email client rather than trusting a cloud service.

Some of the alternatives include;

Antivirus programs

Margaret asked about antivirus options for Macs, there’s a couple of free antivirus programs designed for the Apple Mac

For Windows users, the easiest free anti-virus to use is Microsoft Security Essentials.

Microsoft Silverlight on Android

Accessing Microsoft Silverlight based services like NineMSN on Google Android devices can be a problem as Jason found.

Unfortunately, at this stage there’s no clear solution for playing Silverlight sites on Android devices as Moonlight, the open source Silverlight player, has been abandoned.

Next Nightlife spot

Our next Nightlife tech spot will be on August 6 and we’ll decide the topics closer to the date. Watch the website for details over the next few weeks.


Dealing with the DNS Changer Trojan

On Monday computers infected with the DNS Changer Trojan will stop surfing the net. Make sure you aren’t infected.

On Monday, thousands of computers around the world will be cut off the web as the servers behind the DNS Changer Trojan Horse are shut down.

The DNS Changer did exactly what the name says – it changed a computer’s Domain Name Service (DNS) settings so that all web traffic went through servers belonging to the virus writers.

Eventually the writers were caught and the computers were seized. To avoid disruption, the servers were left running, but they will be shut down on Monday.

On Monday, those computers still infected won’t be able to surf the net until the problem is fixed.

How do I know I’m infected?

As part of the shutdown, the DNS Changer working group was set up. Their site has a detection tool that will tell you if your computer is infected.

How can I fix the problem?

The easiest fix is with the Microsoft Malware Scanner which will check your computer for the DNS Changer virus along with other malware. If the scanner detects a problem it will remove the virus. IT Queries also have instructions on Removing A Trojan.

To prevent further infections, it’s necessary to install an up-to-date antivirus. A good free one is the Microsoft Security Essentials tool.

The DNS Changer Trojan was very effective malware and it illustrates why computer users need to be careful of where they go on the mean streets of the Internet.


702 Sydney Mornings Technology

On this show we look at how to avoid malware and protect your digital legacy

On 702 Sydney Mornings this month with Linda Mottram, we’re looking at the continued story of the Flame and Stuxnet worms, along with some trickery from the North Koreans, who tried to shut down South Korea’s Incheon International Airport with a computer virus.

To help you avoid being infected, there’s a detailed description on the Netsmarts website of how to set up your computer.

We’re also looking at protecting your digital legacy in an era when social media services like LinkedIn and Facebook can keep your memory alive long after your passing.

Join us on 702 Sydney from shortly after 9.30am. We’ll probably take some calls on 1300 222 702 and we’d like to hear your views, comments or questions.


Taxing the Internet laggards

Should users of old software pay more?

Online retailer Ruslan Kogan is never short of a good stunt to promote his business. His latest, a tax on users of Internet Explorer 7, has given him worldwide attention.

Ruslan touches on a real problem for web designers, e-commerce shopkeepers and the online community in general – that Microsoft’s older versions of their Internet Explorer web browsers don’t conform with standards.

This means IE6 and 7 don’t display pages the way other browsers do, so designers have to spend extra time catering for the people who won’t move to new versions.

Those who insist on using the older versions of Internet Explorer are also taking a risk, as these products are far less secure than the newer editions.

It’s in everybody’s interests to have the latest browsers and security patches, so both Windows and Mac users should be making sure they have the latest updates on their computers.

Even with the latest updates, it’s worthwhile using a different web browser to the one that comes with the system. That’s why Opera, Mozilla Firefox or Google Chrome are the better options for web browsers.

Ruslan Kogan’s right in forcing users to move onto modern software; it’s a media stunt that might do some good.


Security and convenience

Good security is always inconvenient. We have to learn to live with it.

“Your security advice is too difficult, I don’t want to log in when I start my computer or have to mess around when I have to install new software,” a lady told me on the weekend.

Security is always inconvenient. It would be far more convenient if car doors weren’t locked and starting them was a matter of flicking a switch.

Of course we know if that was the case, most cars would be stolen within hours of buying them.

We accept the inconvenience of car keys because we know the cost of having a vehicle stolen is way higher than the occasional frantic search for lost car keys.

Right now we don’t value our data, computers or smartphones the same way.

This is changing and as we start using our phones as electronic wallets we’ll start valuing our passwords and online security more than our car keys.

 


Security and cloud computing

Understanding the risks of online computing is the best way to manage them.

Last Friday cloud accounting service Saasu ran their Cloud Conference looking at the business benefits of online computing and business automation.

Among the topics discussed was the security of cloud computing with Stilgherrian giving an excellent overview of the state of information security.

Stil’s message is clear; online security is everyone’s problem – if the bad guys want to target you for whatever reason they will.

As a business owner, it’s essential to take basic precautions. This is something I’ve covered before and something Stil raises in his presentation by pointing out that Australia’s Defence Signals Directorate lists 35 mitigation strategies based on the security breaches they examined in 2010.

Of those thirty-five, the top five would prevent 85% of security breaches. The top one – keeping your applications up to date – would avoid almost every PC malware attack along with Apple Mac’s Flashback worm.

In answering my question about how Saasu and other cloud computing users can protect their system, Stil also raised a good point about using virtual machines for web browsing and even purchasing a computer just for business accounting and banking use so the services can’t be compromised.

Related to this topic is an ongoing discussion on the Reddit forums between posters claiming to be malware writers and botnet operators.

While it’s risky to trust everything you read on Reddit, the tips are worthwhile, particularly the advice to “disable addons in your browser and only activate the ones you need.”

By reducing the number of programs running on your computer or the add ons in your web browser, you lessen the risk of being infected. Again this would have protected the victims of the Flashback worm.

The security of our systems is our own responsibility, just like our home and office security.

Cloud computing is no different to other computing – the basics of information security, or #infosec, are the same regardless of whether you’re using software on your computer or the cloud.

Used responsibly, cloud computing is no less or more secure than any other computer or smartphone use. We shouldn’t underestimate the risks, or get hysterical about the threats.
