Tag Archives: facebook

How to Ensure Your Social Profiles Will Never Get Hacked

Facebook notifications

Getting hacked can cause an unlimited number of problems for you and your reputation. The last thing you need is to see your profiles fall into the hands of someone else. The key is not to act when it happens but to act before it happens. This guide is going to show you everything you need to know about preventing your social profiles from getting hacked.

The Password Issue

To begin with, you need to make sure that you are crafting the right passwords. A weak password is the front door into your social media accounts. Many hackers will use the brute force method, which is where they simply attempt to guess your password. Automated software will continually try different combinations until it finds something that works.

The only way you can defend against this is through using upper and lower case letters, along with numbers and symbols. This password should be changed on a regular basis. Just make sure that you don’t come up with a password that you yourself can’t remember.

When storing your passwords, you should make sure you have adequate storage methods. Don’t keep them in a place online or offline where they can be immediately accessed.

The key here is to share your passwords with the smallest number of people possible. They should be kept on a strictly need to know basis.

Technology

You may not have heard of sign-in technology before. It’s a fairly recent invention and it allows people to access your social media accounts without knowing the password. The way it works is that employees click the sign-in software and it will automatically allow them to access the social media account in question.

This technology will only be able to be accessed on certain company computers. This will allow you to keep all information centralized with one person. That means you always have one or two people to take full responsibility for the company’s passwords.

It doesn’t cost a lot to utilize this technology. There are many software bundles that will provide free services like this. It only takes a few minutes to install this technology on your computer.

The Most Common Path – The Email Hack

Despite the fact that spam detectors have become more proficient than ever before, hackers will still use emails in order to capture people’s information. As soon as you click on the offending link, you will be redirected to a page that looks remarkably similar to a genuine page. Once you enter your information, the hacker will capture that information. They may even attempt to install Spyware on your computer.

The emails that reach your inbox will contain links that you have to click on; usually in relation to a compromised account.

So how do you know whether something is genuine?

There are two ways to do this. First of all, you can mouse over the link and in the bottom right of your browser it will show you the full link. There will always be a slight change in the URL that will reveal it as a link you should avoid. But the best way to check if an email is genuine is to access the relevant website manually, like you would normally.

One other option you have to get around this entirely is to use a platform like Sprout Social or HootSuite to access your social media accounts through a third-party platform. It acts as a shield so your accounts cannot be hacked directly, since you are never accessing them directly.

Your Computer’s Security Arrangements

You can have the strongest password in the world. None of that is going to matter if your computer or network is vulnerable to attack, though. There are hackers who can install software on your computer that can allow them to take control of it remotely.

Then they can use things like sign-in technology against you because they can click the buttons without your input. Install the best anti-virus system you can, update it regularly, and be willing to pay for the best. This is not an area where you should compromise.

How will you protect your social media accounts from hackers today?


This article was written by Abdullahi Muhammed from Business2Community and was legally licensed through the NewsCred publisher network.

Password cracking attacks on Bitcoin wallets net $103,000

Hackers have siphoned about $103,000 out of Bitcoin accounts that were protected with an alternative security measure, according to research that tracked six years’ worth of transactions. Account-holders used easy-to-remember passwords to protect their accounts instead of the long cryptographic keys normally required.

The heists were carried out against almost 900 accounts where the owners used passwords to generate the private encryption keys required to withdraw funds. In many cases, the vulnerable accounts were drained within minutes or seconds of going live. The electronic wallets were popularly known as “brain wallets” because, the thinking went, Bitcoin funds were stored in users’ minds through memorization of a password rather than a 64-character private key that had to be written on paper or stored digitally. For years, brain wallets were promoted as a safer and more user-friendly way to secure Bitcoins and other digital currencies, although Gregory Maxwell, Gavin Andresen, and many other Bitcoin experts had long warned that they were a bad idea.

The security concerns were finally proven once and for all last August when Ryan Castellucci, a researcher with security firm White Ops, presented research at the Defcon hacker convention that showed how easy it was to attack brain wallets at scale. Brain wallets used no cryptographic salt and passed plaintext passwords through a single hash iteration (in this case, the SHA256 function), a shortcoming that made it possible for attackers to crack large numbers of brain wallet passwords at once. Worse, a form of the insecurely hashed passwords are stored in the Bitcoin blockchain, providing all the material needed to compromise the accounts.

By contrast, Google, Facebook, and virtually all other security-conscious services protect passwords by storing them in cryptographic form that’s been passed through a hash function, typically tens of thousands of times or more, a process known as key stretching that greatly increases the time and resources required by crackers. The services also use cryptographic salt, a measure that requires each hash to be processed separately to prevent the kind of mass cracking Castellucci did. Security-conscious services also go to great lengths to keep password hashes confidential, a secrecy that’s not possible with Bitcoin because of the transparency provided by the blockchain.

Brain drain

According to a recently published research paper, the brain wallet vulnerability was known widely enough to have been regularly exploited by real attackers going after real accounts. Over a six-year span that ended last August, attackers used the cracking technique to drain 884 brain wallet accounts of 1,806 bitcoins. Based on the value of each coin at the time the theft took place, the value of the purloined coins was $103,000.

“Our results reveal the existence of an active attacker community that rapidly steals funds from vulnerable brain wallets in nearly all cases we identify,” the paper authors wrote. “In total, approximately $100K worth of bitcoin has been loaded into brain wallets, with the ten most valuable wallets accounting for over three-quarters of the total value. Many brain wallets are drained within minutes, and while those storing larger values are emptied faster, nearly all wallets are drained within 24 hours.”

The paper, titled “The Bitcoin Brain Drain: A Short Paper on the Use and Abuse of Bitcoin Brain Wallets,” is scheduled to be presented later this month at the Financial Cryptography and Data Security 2016 conference. Its publication comes about six months after Brainwallet.org, the most widely used Bitcoin-based brain wallet service, permanently ceased operations. The service voluntarily shut down following the Defcon presentation by Castellucci, who is one of the authors of the most recent paper.Crackers tap new sources to uncover “givemelibertyorgivemedeath” and other phrases.

To identify brain wallets and then crack them, the research team compiled 300 billion password candidates taken from more than 20 lists, including the Urban Dictionary, the English language Wikipedia, the seminal plaintext password leak from the RockYou gaming website, and other large online compromises. By collecting words and entire phrases from a wide body of sources, the researchers employed a technique Ars covered in 2013 that allowed them to crack words and phrases many people would have considered to be strong passwords. Cracked passphrases included “say hello to my little friend,” “yohohoandabottleofrum,” and “dudewheresmycar.”

The researchers ran each password candidate through the SHA256 function to derive a list of potential private keys for Bitcoin addresses used by brain wallets. They then used a cryptographic operation based on elliptic curves to find the public key corresponding to each potential private key. Since the Bitcoin blockchain contains the public key of every account wallet, it was easy to know when a password guess was used by a real Bitcoin user.

The paper reported that vulnerable accounts were often drained within minutes of going live, and in an interview, Castellucci said that some accounts were liquidated in seconds. Castellucci said he suspects the speed was the result of attackers who used large precomputed tables containing millions or billions of potential passwords. While many of the attackers who drained vulnerable accounts earned paltry sums for their work, the top four drainers netted about a total of $35,000 among them. Meanwhile, the drainer who emptied the most brain wallets—about 100 in all—made $3,219.

The thefts were often chronicled in online forums, where participants would report that their Bitcoin wallets had mysteriously been emptied. For a while, people assuming the role of a digital Robin Hood claimed to crack vulnerable wallets, drain them of their contents, and then wait for the victim to publicly complain of the theft on Reddit or various bitcoin forums. The Robin Hood and Little John hackers would then claim to return the funds once the victim proved control of the compromised private key.

While plenty of people publicly warned of risks of brain wallets over the years, the vulnerability was often dismissed as theoretical by some. Brain wallets are now generally shunned by Bitcoin users, but Castellucci warned that an alternative crypto currency known as Ethereum can use a brain wallet scheme that’s every bit as weak as the Bitcoin one was. He is withholding details for now in the hopes that Ethereum brain wallets will soon be abandoned.