Thursday, February 18, 2010

Over 75,000 systems compromised in cyberattack

via computerworld.com

Security researchers at Herndon, Va.-based NetWitness Corp. have unearthed a massive botnet affecting at least 75,000 computers at 2,500 companies and government agencies worldwide.
The Kneber botnet, named for the username linking the affected machines worldwide, has been used to gather login credentials to online financial systems, social networking sites and e-mail systems for the past 18 months, according to NetWitness.
A 75GB cache of stolen data discovered by NetWitness included 68,000 corporate login credentials, login data for user accounts at Facebook, Yahoo and Hotmail, 2,000 SSL certificate files and a large amount of highly detailed "dossier-level" identity information. In addition, systems compromised by the botnet also give attackers remote access inside the compromised network, the company said.



Saturday, February 13, 2010

Passwords make a difference in keeping your accounts safe from hackers

Lately I've had an influx of people that have had their Facebook, Gmail, Yahoo and other accounts hacked only for someone in Nigeria to ask me to wire them money.  Do they really think that I am going to wire $2000 to someone I have just reconnected with?  No.  What I usually do is throw in a stumper in the chat.  Something the hacker won't have a clue about.  Not something that is true, but something that is false because the hacker will agree.  The other day someone asked me to wire them $3500 to London.  Now I haven't seen or heard from this guy since 8th grade so the fact that he's asking for money is already throwing up red flags, but I go with it.  Then I ask, "How's my best UVA roommate doing?"  He answers, "I could really use the help."  Now, I know he went to Virginia Tech and saying he went to UVA would be like branding him with red hot pokers.  Furthermore, we did not even go to school together so being roommates was definitely not the truth.  At that point I knew his account was hacked.


How did his account get hacked?  Every account you open up on the internet requires a password.  It's the old daunting "what password can I make up today" scenario.  Most of us have one password that we use over, and over, and over, and over, well... you get the point.  How secure is that password?  Can I guess it?  Is it a variation of your username, real name, wife/girlfriend's name, kids' names, dog's name?  I can guess those.  Most of the time, the hackers run programs that just try a bunch of passwords in a list.  This is what I call the "well known passwords and variations" list.  Do you really think that Pa55w0rd is a unique password you thought up and was cool?  No.  As soon as they get one password, they look for other accounts.  They then try the same password on the other accounts.  Once they have your email account, watch out, because they can reset passwords on just about any other account on the internet you created with that email address.


So, you ask, what is the casual, non-geeky internet user to do?  


Build a better password.  There are plenty of random password generators out there so use one.  When you register for a site, make sure that the password is random.  Now, you ask, how do I keep track of all these passwords?  I don't want to have to remember a different gobbledygook password for each site.  Well here's where technology comes into play.  In your browser, you have the option to save the password for each site.  Use that.  Many security experts say not to use it, but I say go for it.  There are only two scenarios where this poses a risk and those are when your computer gets physically stolen or totally hacked into.  I'll put up another blog post about securing your computer so that nothing can get accessed when it gets stolen, and someone trying to hack into YOUR computer doesn't really happen much anymore.  You can secure your computer against that with good anti-virus, anti-spyware/malware and a decent firewall.
If that doesn't tickle your fancy, you can use a password manager.  This is a program that you install on your computer that keeps track of all your passwords for the different sites.  Some can even automatically log you in or copy & paste your password onto the webpage.  My personal favorite is KeePass Password Safe (http://keepass.info).  This password manager will not only keep your passwords, but will automatically generate a new random password for you every time you create an entry for a new site.  The second bonus, it's FREE.
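The two points above, that guessing programs try well-known passwords and their variations and that a random password avoids them, shown as an added Python example (not part of the original post). The word list, substitution table, 12-character threshold and function names are constructed for illustration.

```python
import secrets
import string

# Constructed sample of a "well known passwords" list; real lists are far longer.
COMMON = {"password", "letmein", "qwerty", "welcome", "123456", "iloveyou"}

# Character swaps people use to "disguise" a word, undone before comparing.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Letters, digits and a few symbols that most sites accept (assumption).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def weak_reasons(password, personal=()):
    """Return the reasons a list-based guessing program would find this fast."""
    lowered = password.lower()
    # "Password123!" style: a base word with digits/punctuation tacked on.
    stripped = lowered.rstrip(string.digits + string.punctuation)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    reasons = []
    if forms & COMMON:
        reasons.append("variation of a well-known password")
    for word in personal:  # username, real name, pet's name, ...
        w = word.lower()
        if len(w) >= 3 and any(w in f for f in forms):
            reasons.append(f"contains personal detail: {word}")
    if len(password) < 12:  # threshold is an assumption for this example
        reasons.append("shorter than 12 characters")
    return reasons


def generate_password(length=20):
    """Random password drawn from the operating system's secure generator."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until lower case, upper case and a digit are all present.
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


if __name__ == "__main__":
    for candidate in ("Pa55w0rd", "Rex2010!", generate_password()):
        print(candidate, "->", weak_reasons(candidate, personal=["rex"]) or "ok")
```
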


Give better answers.  Many of the sites ask you some "challenge questions".  "What's your mother's maiden name?" or "What city were you born in?" are the most common.  These are also easily guessed.  I can research the 'net and find out where you were born or what your mother's maiden name is without even having access to anything but your full name.  Here is what I like to do.  Make up your own and rotate the answers.  Put together a decoder key of sorts.  Every time a site asks for your mother's maiden name, put in your birthplace, or your first pet's name, or the street you grew up on, or even better some nonsensical answer.  Just make sure you have a good decoder sheet for it.  You can also use the KeePass Password Safe to manage this since each site has a "notes" section.  In here you can put in the challenge question and how you answered it.


Stay safe out there on the 'net.  It's powerful, fun, entertaining, and dangerous.  When you put a lock on your house, you use a unique key that's hard to guess what the ridges look like.  You don't use one that has no ridges or only one.  Do the same for your online "house".  Use a good key to lock it all up.