Excellent initiative in the Netherlands, attempting to people more aware of cyber safety.
Description on http://www.government.nl/issues/cybercrime/news/2013/10/28/alert-online-encourages-safe-online-behaviour.html, (English)
and the alert on-line site is on https://www.alertonline.nl/ (Dutch)
awareness
Are you saving passwords for your favourite web sites in your browser? If yes, think twice. If you are using Chrome, this is not a secure at all. Have a look at this article published recently. I am not a frequent user of Internet Explorer or Safari, and am not aware of their password storage strategy used.
The issue is that you have to remember many usernames and passwords for various internet sites.
And what happen if one of your password is compromised? The “hackers” will run software that will automatically try those on a great number of sites. This was the issue that prompted Telecom NZ to ask their users to change all their passwords, without really explaining the reason behind it. All what we knew was some accounts were accessed without the knowledge of the users, and were sending spam with links towards websites.
The physical security of the equipment is not a problem, and no-one will ever be able to get physically to your PC. However, old fashion desktop PCs also get stolen. Do you really know what happen to your PC when your dispose of it? It is also a bad idea to use this strategy on mobile devices, as they tend to frequently be lost, forgotten or stolen.
Firefox is safer in that area, at it allows you to protect your database of username and passwords. with a master password. However, do not use a 3 letter password, as it could easily be cracked. It is better to aim for 8 or more letters
What is a password management software? It is usually a small application that run on your computer, tablet or phone that enable you to:
The application create a small file that is either open with a password, a key file or a combination of the two. You can store the file or files on a hard drive or a USB stick. An other possibility is to store them on a network or cloud drive to be able to get access to it from everywhere with multiple devices.
You can afford in that situation to create and memorize a long password, as it is the only one you will have to remember. But don’t go away on holiday and forget it! There will be no way to recover the content of your file. An other bad idea would be to write the password on a Postit note somewhere (by the monitor for example). I have seen people writing their master password on a piece of paper, they sticking it underneath the keyboard.
If you are using a key file, do not forget to back it up somewhere. it is also highly recommended to make a copy of you encrypted database file somewhere. Files can get corrupted. Drives can die, and they tend to do this at the most inconvenient time.
Two recommended password management software can be found on http://keepass.info/ and https://lastpass.com/
Keepass image from http://keepass.info/
Are you using of any password management software? Is there anything else you would recommend?
Why using lastpass?
Comments Off on Browser Passwords
Posted in Mobile Devices, Security
Tagged Browsers, details compromised, identity theft, password, password management, security, stolen laptop
We have learned this week that ACC clients had their personal details compromised after the theft of a laptop. You can find the summary of the incident here.
The laptop was used by a case manager who took the laptop home, in contradiction to the rules set by the organisation.
Several questions remain unanswered :
1.Why was the laptop hard drive not encrypted, if used out of the organisation?
2.Why did the case manager felt she had to records the personal detail of claimants on the laptop? If the details are needed in the day-to-day business, having a secure connection to the work network seems to be more logical.
3. Why did the case managed take the laptop home? Ignorance of the rules? Not enough time to complete the work during normal hour?
The press and ACC seem to blame the case manager, but unless she deliberately ignored the rules, this incident looks like a failure of the institution to secure its IT equipment properly.
I hope that we will learn more details about this case in the near future.
Have you got any more information about the case?
Comments Off on ACC Personal Details Compromised : Who’s fault is it?
Posted in Security
A former student from the University of Central Missouri has been jailed for 3 years and $61,500 in restitution for his role into the theft of information from the institution
With an accomplice,
They created their own computer virus, distracted an administrator, allowing them to infect his computer with a thumb drive.
The installed virus monitored the administrator network activity, and captured the username and password used. It was also able to take over the computer, using the webcam and downloading his email.
They obtained, may be through the database, the username and password of a residence hall manager and use this to complete financial transactions in their favour.
They also stole and used the identity of other students to access various portions of the network. They also used this to mask their activities, having other students blamed for their actions.
They installed their virus on several other computers in labs and the library, gaining control of them and stealing more data in the process.
They accessed an affidavit used in support on a search warrant, and went on attempting intimidating potential witnesses against them
The full story can be found here
When is the last time when you click on an email with a link? Do you know the sender of the email? Does the target URL look unusual?
When is the last time you downloaded and installed free software ?
These are 2 methods commonly used to infect computers with the same type of computer virus or malware. Have you checked your bank statements recently?
Don’t do what is described in the previous paragraph! You could use as a browser Firefox, associated with the plugin no script. However, No Script can get in the way of browsing some sites, and forces you to make decision about what you want to accept as page content.
Make sure that you have an up-to-date antivirus software, and complete regular scans.
If you are a Windows user, you can also used windows defender, a good program available as a standard in Win 7 and 8. This program does not replace antivirus software, and detect other type of threats. Start with an in depth scan and then on with regular scan. You should be able to find Defender in the control panel of your PC.
If you are an Apple user, let us know if they is a similar program available.
If you suspect your PC is infected with a computer virus, even if your antivirus software and Defender find nothing, ask a professional to examine it.
Better safe than sorry!
Comments Off on Another hacker caught
Posted in Security
Tagged anti-virus, Defender, hackers, virus
How to secure wireless networks?
In this easy to understand article, John Laster describes ten different technologies used to secure wireless networks. A lot of these can be extended to wired networks.
Most of those technologies can be implemented at home to secure wireless networks. The most commonly used should be WPA2-PSK. I would not recommend using WEP as it would be too easy for amateur hackers to crack.
Remember that you are legally responsible for the action of the users on your network.
Using WPA/WPA2
A patch for a pach? surely not?
http://www.theinquirer.net/inquirer/news/2261266/microsoft-releases-patch-for-buggy-security-patch