The disclosure of a back door allowing bad guys to repeatedly guess Gmail passwords should remind us all to protect our accounts with long and strong character strings.
There’s a straightforward way to protect your online accounts: use sign-in phrases that are easy for you to remember but hard for others to guess.
The latest vulnerability affecting Gmail accounts was recently revealed by security researcher Vicente Aguilera Díaz in a posting on the Full Disclosure security list. (Aguilera previously revealed a Gmail flaw known as session-riding, which Google subsequently fixed, as reported by WS contributing editor Scott Spanbauer.)
According to Aguilera’s new security alert, Google allows anyone with a Gmail account to guess another Gmail user’s password 100 times every two hours, or 1,200 times per day. No “captcha” keeps hacker bots from guessing passwords in this way. Worst of all: If a hacker controls, say, 100 Gmail accounts, 120,000 guesses can be made per day. Because Gmail accounts are free, many hackers control far more than 100 accounts, of course.
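The figures above imply that the guess budget is counted against the guessing account rather than the account being guessed. The following added example (not from the original post or from Google; the limiter class, function names and simulation parameters are assumptions made for illustration) runs the same 100-per-two-hours limit keyed both ways and counts how many guesses reach one victim in a day:

```python
from collections import defaultdict, deque

WINDOW = 2 * 60 * 60   # two hours, the window quoted in the alert
LIMIT = 100            # guesses allowed per window, as quoted in the alert

class SlidingWindowLimiter:
    """Hypothetical limiter: at most `limit` events per `window` seconds per key."""
    def __init__(self, limit=LIMIT, window=WINDOW):
        self.limit, self.window = limit, window
        self.events = defaultdict(deque)   # key -> timestamps of accepted events

    def allow(self, key, now):
        q = self.events[key]
        while q and now - q[0] >= self.window:   # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def accepted_guesses(key_of, attackers=100, seconds=24 * 60 * 60, step=60):
    """Guesses against one victim that pass the limiter within `seconds`.

    Constructed scenario: every attacker-controlled account submits one
    guess each `step` seconds. key_of(source, target) chooses what the
    limiter counts the guess against.
    """
    limiter = SlidingWindowLimiter()
    accepted = 0
    for now in range(0, seconds, step):
        for n in range(attackers):
            if limiter.allow(key_of(f"account{n}", "victim"), now):
                accepted += 1
    return accepted

def per_source(source, target):
    return source   # budget per guessing account: scales with attacker accounts

def per_target(source, target):
    return target   # budget per guessed account: fixed, however many sources

if __name__ == "__main__":
    print("keyed on source:", accepted_guesses(per_source))
    print("keyed on target:", accepted_guesses(per_target))
```

Keying on the target also lets anyone exhaust a victim's budget on purpose, so deployments usually pair it with a challenge such as a captcha instead of a hard lockout.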
February 10, 2007 by Jason
When, in August 2006, a vendor for AOL released search records on 657,000 AOL users, it was easy to look at the queries associated with specific users and determine what kinds of people they were and ultimately who they were. Your online activities could, and do, end up in a database somewhere. Read the privacy policy of your favorite search engine, and you’ll see what methods it employs to collect valuable data about its users. Then consider how many times you’ve read about security breaches that result in data leaks.
There is a way to remain somewhat anonymous on the most popular of all search engines, Google. Remember that if you have a username log-in with any of the Internet search engines (say, a Microsoft Passport or a webmail account), their systems can build a profile of you. If you’re truly paranoid, you may want to delete or cancel any free e-mail accounts that are associated with Web search engines and scrub their cookies from your hard drive. If you use any of the services from Google, such as Wallet, Groups, Gmail, or AdSense, or even if you get paid by Google AdWords on your own Web site, then you have an account that points back to your identity. This means that everything you do within the search can now point back to you as a unique user. See how it’s done…