In their hunt for market dominance, social networks Facebook, Google Buzz, and Microsoft Live are redefining what social means and, in the process, straining the bounds of personal privacy.
Facebook, the big daddy of these three, has made quiet changes to its privacy settings, ones that members need to understand if they are going to manage the distribution of their personal information.
I find Facebook useful, mostly as a way to stay in touch with a select set of my friends and former co-workers. It’s not my public soapbox nor a window into my personal life, left open to the world; for that, I have blogs and Twitter.
As much as I like Facebook, it has a flaw that I’ll never see in my blogs and hopefully never see with Twitter. It seems the proprietors of Facebook find it necessary, desirable, or profitable to change member privacy settings, usually with little notice to members. In every case I can think of, privacy settings have become more relaxed (more open, if you will).
The revised Vesik method involves typing nonsense characters into a password input box when using a public PC and then rearranging some of the letters to form your actual password with the mouse. If the PC contains a hardware keylogger or is infected with a software keylogger, rearranging a password in this way will usually suffice to obscure your credentials. Most hackers will concentrate on the 99% of users who type in their passwords at Internet cafés in the usual way.
One proposal sent in by many, many, many readers was a variation on a single theme. Namely, keep your sign-in information on a USB flash drive or memory stick, then copy and paste the info into the appropriate fields when you’re required to use a public PC or other unsecured computer.
Unfortunately, many keyloggers capture any information you place into the Windows Clipboard. I tested the copy-and-paste technique using the All In One Keylogger from RelyTec. (For more info, see the vendor’s site.) The program easily captured the sign-in IDs and passwords entered, whether I used the standard menu options (Edit, Copy and Edit, Paste) or the keyboard shortcuts Ctrl+C and Ctrl+V.
You can see whether your current passwords (you do use more than one, right?) are rated “strong” by using Microsoft’s online Password Checker. I bet you’ll be unpleasantly surprised by the results.
The three keys to strong passwords are length, randomness, and use of different types of characters. Each additional character multiplies the potential combinations a brute-force attack must try.
Random passwords use upper- and lower-case letters, numbers, and symbols. When at least three of these four categories are used, an eight-character password should suffice in most instances. According to the FrontLine security site, such a password would take a century or more to crack by a hacker using a single PC. The eight-character standard is also the minimum the Microsoft Password Checker deems “strong.” Of course, the more characters in your password, the safer you’ll be.
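The length and character-category rule above can be checked mechanically. The following Python sketch is an added example, not code from the original article or from Microsoft's Password Checker; the function name `assess`, the pool sizes and the sample passwords are assumptions made for illustration.

```python
import math
import string

# The four character categories named in the text. Pool sizes assume
# printable ASCII: 26 + 26 + 10 + 32 symbols from string.punctuation.
CATEGORIES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def assess(password, min_length=8, min_categories=3):
    """Apply the eight-character, three-of-four-categories rule and size the
    space a brute-force search over the same alphabet would have to cover."""
    used = [name for name, chars in CATEGORIES.items()
            if any(c in chars for c in password)]
    # Characters outside the four categories (spaces, non-ASCII) are ignored.
    pool = sum(len(CATEGORIES[name]) for name in used)
    combinations = pool ** len(password) if pool else 0
    return {
        "categories": used,
        "pool": pool,
        "combinations": combinations,
        "bits": round(math.log2(combinations), 1) if combinations else 0.0,
        "meets_rule": len(password) >= min_length and len(used) >= min_categories,
    }

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("password", "Ab1defgh", "Ab1defghi", "Tr4il#mix"):
        r = assess(sample)
        print(f"{sample:10} pool={r['pool']:3} bits={r['bits']:5} "
              f"meets_rule={r['meets_rule']}")
```

The combination count is an upper bound that assumes every character was chosen at random; a password built from a dictionary word with predictable substitutions falls to far fewer guesses than the figure suggests.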
If you wish to create your own password, use a sentence or phrase you can recall easily and then tweak it for each account.
The disclosure of a back door allowing bad guys to repeatedly guess Gmail passwords should remind us all to protect our accounts with long and strong character strings.
There’s a straightforward way to protect your online accounts: use sign-in phrases that are easy for you to remember but hard for others to guess.
The latest vulnerability affecting Gmail accounts was recently revealed by security researcher Vicente Aguilera Díaz in a posting on the Full Disclosure security list. (Aguilera previously revealed a Gmail flaw known as session-riding, which Google subsequently fixed, as reported by WS contributing editor Scott Spanbauer.)
According to Aguilera’s new security alert, Google allows anyone with a Gmail account to guess another Gmail user’s password 100 times every two hours, or 1,200 times per day. No “captcha” keeps hacker bots from guessing passwords in this way. Worst of all: If a hacker controls, say, 100 Gmail accounts, 120,000 guesses can be made per day. Because Gmail accounts are free, many hackers control far more than 100 accounts, of course.
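The arithmetic in the alert follows from where the limit is attached: a cap tied to the guessing account multiplies with every extra account, while a cap tied to the account being guessed does not. The Python model below is an added example for defenders, not Google's implementation or code from the alert; the `Throttle` class, the helper names and the `example.test` addresses are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 2 * 60 * 60   # two hours in seconds, the window quoted in the alert
LIMIT = 100            # guesses allowed per window, as quoted in the alert

class Throttle:
    """Sliding-window guess counter; key_fn decides what the cap is tied to."""
    def __init__(self, key_fn, limit=LIMIT, window=WINDOW):
        self.key_fn, self.limit, self.window = key_fn, limit, window
        self.seen = defaultdict(deque)

    def allow(self, ts, source, target):
        q = self.seen[self.key_fn(source, target)]
        while q and q[0] <= ts - self.window:   # drop guesses older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(ts)
        return True

def per_source():
    # Cap tied to the account doing the guessing (the behaviour described above).
    return Throttle(lambda source, target: source)

def per_target():
    # Cap tied to the account being guessed, whoever is guessing.
    return Throttle(lambda source, target: target)

def accepted_guesses(throttle, n_sources, hours=24, burst=150,
                     target="victim@example.test"):
    """Each source tries `burst` guesses at the start of every window;
    return how many the throttle lets through in total."""
    accepted = 0
    for start in range(0, hours * 3600, throttle.window):
        for i in range(n_sources):
            for _ in range(burst):
                accepted += throttle.allow(start, f"src{i}@example.test", target)
    return accepted

if __name__ == "__main__":
    print("per-source cap,   1 account :", accepted_guesses(per_source(), 1))
    print("per-source cap, 100 accounts:", accepted_guesses(per_source(), 100))
    print("per-target cap, 100 accounts:", accepted_guesses(per_target(), 100))
```

A per-target cap that simply rejects further attempts also lets anyone lock the legitimate owner out, which is why such a counter is normally used to trigger a captcha or step-up check rather than a hard block.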
A new, or rather a newly revised, threat may be coming to a browser near you. It’s called clickjacking, and it can affect all browsers. It first appeared a few years ago, but little was heard of it after the first warnings. It looks like it might be back; the threat level is still quite low at the moment, but these things can quickly spiral out of control. Here’s how it works. If a hacker can get access to a website, they can fiddle with buttons and graphics so that when you click on what appears to be a legitimate link, you are actually directed to a phony or fake site where you unwittingly enter personal details or, in a worst-case scenario, the click downloads malicious software onto your PC. Of course, the same kind of thing can be found on less reputable websites.
Microsoft and Mozilla have released fixes in the past, but there is a way to stop clickjacking in its tracks, on Firefox at least, and that’s to install an add-on called NoScript. This creates a white list of trusted sites by blocking any attempt to run an unapproved or suspicious script within a web page.