Tag Archives: passwords

WiFi Finder app exposes 2 million network passwords!

“WiFi Finder” is a popular hotspot finder app that is used to locate free Wi-Fi spots nearby. Unfortunately, the company used a database with minimal security to store information such as the Wi-Fi network name, its exact geolocation, its basic service set identifier (BSSID) and network password. All this data was stored in plain text. While the app developer claims the app only stores passwords for public hotspots, a review of the data also uncovered countless home Wi-Fi networks.

The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on. While working in this setup, the hacker has access to every piece of information you’re sending out on the Internet: important emails, credit card information and even security credentials to your business network. Once the hacker has that information, he can — at his leisure — access your systems as if he were you.

Using free Wi-Fi in public locations is a major security risk. However, there may come a time when your only option is an unsecured, free, public Wi-Fi hotspot, and your work simply cannot wait. If you must use public Wi-Fi, there are a few steps you should take to stay safe (well... as safe as possible... because you shouldn’t use public Wi-Fi).

What to do:

  1. Use a Virtual Private Network (VPN).
  2. Disable file sharing on your device.
  3. Log out of accounts when you are done.
  4. Only visit sites using HTTPS.
  5. Disable Wi-Fi auto-connect.
  6. Turn off Wi-Fi (and Bluetooth) when not in use.
  7. Only access websites that do not hold sensitive or personally identifiable information (e.g., don’t do your banking while waiting for your flight).

While not all Wi-Fi is a security risk, without the right protection your personal information could become public information.

Over 20 million Gmail and 5 million Yahoo decrypted accounts now reportedly for sale on the Dark Web


A dark web vendor is reportedly selling millions of decrypted Gmail and Yahoo accounts in an unspecified underground marketplace. Over 20 million Gmail accounts and five million Yahoo accounts from previous massive data breaches are now reportedly up for sale.

A dark web vendor going by the name “SunTzu583”, who has previously also allegedly listed over one million decrypted Gmail and Yahoo accounts on the dark web, now appears to have ramped up his efforts.

According to a HackRead report, in separate listings, the cybercriminal is allegedly offering 4,928,888 and 21,800,969 Gmail accounts, of which the latter has been listed for $450 (0.4673 Bitcoins). While the first listing includes email addresses and clear text passwords, 75% of the second listing allegedly contains decrypted passwords and 25% hashed passwords.

The Gmail data reportedly corresponds to those stolen in previous breaches, including the Nulled.cr hack and the Dropbox data breach.

The cybercriminal is also allegedly selling 5,741,802 Yahoo accounts for $250 (0.2532 Bitcoins). Most of the accounts listed were allegedly disabled and appear to have been stolen from MySpace, Adobe and LinkedIn data breaches.

For both the Gmail and Yahoo accounts, the dark web vendor claims that not all the email and password combinations work directly, warning potential buyers to not expect them to match in all cases.

The data has reportedly been matched against those on popular data breach notification platforms such as Have I Been Pwned and Hacked-DB. However, the data has not been independently verified by IBTimes UK.

How to keep your data safe

Cybercrime ramped up to alarming levels last year, which also saw a slew of massive cyberattacks. Those concerned about keeping their accounts and data safe should adopt safe security practices. In the event of a breach, or even a potential one, it is recommended that passwords be changed immediately. It’s also essential that you not reuse passwords; instead, use a unique and strong password for each of your accounts.

Remember to stay safe out in the cyber world!!!

Weak Passwords Pose Cybersecurity Risk for Campus Networks

Colleges and universities already present prime targets for hackers, and easily guessable passwords make the problem worse.

Using a weak password is the equivalent of laying out the welcome mat for hackers, but that hasn’t stopped some users from prioritizing convenience over password strength.

A SplashData analysis of 2 million passwords found that “123456” and “password” once again topped the list of the most popular passwords in 2015. Other frequently used passwords included “12345678,” “qwerty” and “12345.”

Easy to type and just as easy to guess, these risky passwords are especially problematic for colleges and universities, which not only have a large number of users accessing the network but also represent enticing targets for cybercriminals.

Higher ed IT professionals can help protect users’ personally identifiable information and researchers’ intellectual property by teaching faculty, staff and students the importance of strong passwords and passphrases.

 

The Future of Passwords and Biometrics

In today’s world filled with computers, smartphones, and other smart gadgets, passwords have played a key role in authenticating one’s identity online. But how long do you think this authentication measure will work? The power of computers is increasing every day. Such computers, when used by hackers and scammers, can prove an effective tool for cracking passwords and accessing our online databases.

Simple or even complex passwords are easily crackable thanks to advances in technology. There has been a growing demand for using biometrics in place of textual passwords. But are biometrics as safe and secure as their supporters claim?

In this article, we shall analyze the future of passwords and the shift in the methods of authenticating your identity. We shall also analyze the various options available to us in case passwords prove to be ineffective in the near future. Keep reading:

Are biometrics really that secure?

You may say that biometrics are the most secure way of authentication. However, biometrics have their own flaws, sometimes even more dangerous than those of textual passwords. Biometrics involve various methods such as retina scans, fingerprint scans and facial recognition. All these methods have their own merits and flaws. However, thinking of them as flawless is an overstatement which can cost you dearly.

Consider the following situation: You are “under the influence” of drugs or alcohol. Someone knowingly or forcefully puts your thumb on the fingerprint sensor and steals your data.

What do you do in such a situation? Can you change your biological information? As someone rightly said, “I can change my password, but I can’t change my eyeballs!” Further, there is a chance of such biometric data being stolen from the servers of the companies storing it and reverse engineered to create another set of biometric credentials to hack into your system.

What might be the future?

There are already several features in the present world which reflect what is to come in the near future. There are Bluetooth bands worn around your arm to unlock your phone, and gadgets that follow your voice commands. Apart from these, your behavioral patterns may also be used in the future to authenticate you. Given below is a list of behavioral patterns which could be used for authentication purposes:

  • Characteristics of speech

“Voiceprints” will not be enough. Voiceprints will be supplemented with additional information like accent, emotional state and cadence, which will form part of a strong password.

  • Blinking

MasterCard has already implemented the Identity Check system whereby you can use a selfie to authenticate yourself. In addition to the selfie, the check also requires you to blink. Blink patterns may prove to be a key factor in differentiating between the true user and an imposter.

  • Walking

Your walking pattern might also add a layer of security. Your speed or gait will provide your devices with sufficient information to determine the authenticity of the owner.

From the above discussion, it becomes very clear that passwords and biometrics are not secure enough in today’s online world. There is definitely a need for a stronger authentication method which has few or no loopholes. There is a need to add another layer to biometrics to beef up the security.

In the near future, we might see a combination of biometric authenticators and other methods to enable swift and secure authentication into our devices. Hopefully, this will be done soon and in an efficient manner so that the chances of being compromised remain minimal.

5 Ways to Keep your Domain Name Safe from Being Hacked

The proliferation in the number of people using the internet has led to a significant number of new websites and blogs popping up every day. With such a huge platform for sharing views and personal opinions about anything, or for hosting content that one deems suitable to share, casual users today have understood how good a business owning a website or even a personal blog can be.

However, although many people easily set up their own website or blog, hardly any are knowledgeable enough about protecting their domains from hackers once they become the legal registrants of those domains. Today, we discuss this issue to help owners of personal blogs and small websites.

How to protect your domain from hackers

The following methods can be used to protect your domain from the attacks of hackers:

1. Activity alerts

This is similar to receiving notifications about your Facebook activity. Whenever an activity is performed using your domain account, you can get a notification. Many good domain registrars provide this feature free of cost. This is a good way to keep track of any unauthorized activity on your domain account.

2. Make sure writeable and executable files and directories are not in web root

Not doing so basically means that any unauthorized user can access readable and/or writeable directories or archives. This is as easy as it can get for hackers to exploit non-secured scripts to run or place data on your web hosting account.
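One way to check item 2 on a Unix-style host is sketched below. This is an added example, not code from the original article; the function names and the sample directory layout are constructed for illustration. It walks a web root and reports anything that is world-writable and any regular file that carries an execute bit.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_web_root(root):
    """Return sorted (relative_path, issue) findings for entries below root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)              # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                     # a link's own mode bits are meaningless
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            # Directories need the execute bit to be traversed, so only
            # regular files are reported for it.
            if stat.S_ISREG(st.st_mode) and mode & EXEC_BITS:
                findings.append((rel, "executable file"))
    return sorted(findings)

def build_sample_tree(root):
    """Create a small constructed web root with known permissions."""
    layout = {
        "index.html": 0o644,      # normal static page
        "cache/data.tmp": 0o666,  # anyone on the host can overwrite it
        "old/backup.cgi": 0o755,  # forgotten script left executable
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    for sub in ("cache", "old"):
        os.chmod(os.path.join(root, sub), 0o755)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)      # upload directory writable by everyone

def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_web_root(root)

if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{issue:16} {rel}")
```

The audit reads permission bits only; whether the web server would actually run a flagged file depends on how the server is configured.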

3. Keep your domain locked

Enabling your domain registrar’s lock is a simple yet effective way to prevent illicit third-party domain transfer requests. Such domain transfer requests are frequently used to steal domains. Simply enabling the domain registrar lock can prevent your domain from falling prey to this malicious practice.

4. Do away with unwanted Directories, Scripts, and Subdomains

It is a common mistake by website owners to leave old and less used directories and scripts on their website. The gravity of this mistake cannot be emphasized enough, because hackers can use this information to hack into your website. Therefore, it is important that you routinely clear out files and directories that you no longer need or use.

5. Use strong and complex passwords

All accounts that require security are secured by passwords, but users can be so naïve as to use passwords that can be guessed easily to protect their sensitive information. This is a textbook mistake, one which hackers never get tired of exploiting. Always, ALWAYS, use passwords that are a combination of letters and numbers and are not short in length. Also, make it a practice not to use common English words as your passwords, for there are a lot of password cracking tools that crack passwords quickly because the password includes common words.

Conclusion

A lot of people are victimized by hackers who steal or hack their domain names. It is most important to pay close attention to your domain’s security, especially when your blog or website becomes really popular. With the help of this article and perhaps a little more research on the matter, you will be much more secure against hackers than you previously were (if you are not using these methods already).

5 Innocent Mistakes That Cause an IT Security Breach

A security breach, also known as a safety violation, occurs when a person or application illegally enters a confidential IT boundary. This could result in unauthorized access to highly critical data, services, networks and applications.

Breaches can also cause bankruptcy and destroy a company’s reputation, which is why most businesses hire an IT solutions company. However, not all security breaches are intentional; mistakes can trigger a security violation, as well, and without any warning.

Here are five innocent mistakes that lead to an IT security breach.

Device Theft or Loss

A lost or stolen device like a smartphone or laptop causes 3.3 percent of confirmed security breaches and 15.3 percent of overall incidents.

People who forget their devices in a public place or vehicle have higher chances of losing their gadgets because of theft. Most of these cases are opportunistic and involve a huge number of public departments.

If no IT security measures are in place, a thief who takes the device can access the person’s confidential images, videos, documents and business files.

Document Errors

Document-related errors are some of the common causes of a data breach. A few examples of these include forwarding sensitive information to incorrect recipients, publishing private data to public web servers, and carelessly disposing of confidential work data.

These events usually occur internally and accidentally. When this happens, hackers can use the stolen information as blackmail or as an asset to their group. They can also access bank accounts and other documents related to finance.

Weak and Stolen Credentials

Hacking is the biggest cause of security attacks, and it is primarily instigated by weak passwords and stolen credentials. Employees who have access to password-protected files and applications should take caution when unlocking them, especially when the company asset contains confidential information.

If you are working on a public computer, avoid clicking on the “remember password” option, so that intruders won’t have the opportunity to access private accounts if your computer gets hacked.

Additionally, you should never leave your password in an open computer file or even written on a sticky note affixed to your desktop, as this can be used by an external actor like a service person to access the organization’s intranet.

At the same time, it is important that you create a strong, non-obvious password that includes numbers, symbols, and capital and lower-case letters. One of the most effective techniques is the Bruce Schneier Method, which takes a sentence and turns it into a strong password.

There are also password-generating sites and password managers that generate efficient and strong passwords.

Internet Spyware

Did you know that over 50% of security breaches are caused by employees misusing access privileges? Whether maliciously or unwittingly, employees who naively click browser pop-ups or install a malicious application can welcome spyware onto a company’s system.

Spyware is a type of malware that enters a computer without the knowledge of the owner to collect private information about internet interaction, keystrokes, passwords and valuable data. Spyware can come either from a file you downloaded online or from a malicious hard drive connected to your desktop. It can also be found in unauthorized web searches and varying computer settings.

The risk of a security breach is very high with spyware, but you can prevent this by running a virus scanner and avoiding malicious websites and illegal downloads at work. Companies should also take the first step by implementing a spy trap, which is basically a filter for all work systems.

Vulnerable Systems and Applications

Using outdated software and web browsers can cause serious security concerns. Attack methods become more advanced each year, and hackers increase the number of ways in which they can exploit vulnerabilities like these.

When outdated systems regularly connect to the internet, they can submit valuable information online without the user knowing it.

You can prevent security breaches by taking note of these basic pointers.

  • Take care of your personal data, especially when on the road. Every time you bring your data on the go, you are opening yourself to a multitude of security risks. For example, when you access public Wi-Fi, you disseminate your information to the immediate public and to hackers who use meticulous processes to breach data. Avoid this by investing in a personal hotspot or by subscribing to your provider’s mobile data services.
  • Create strong passwords. Never create a password that contains basic personal information like your surname or birthday. Hackers can easily identify this and use it in your work and personal accounts. A strong password should be a combination of characters, numbers, and symbols. Apart from this, don’t use one password for every account you own. Although it may be easy to remember, it’s also easy to hack.
  • Be careful of file sharing. You share a number of important files every time you work with multiple clients. No matter how much you trust a colleague, you never know where he will use the data you shared. To prevent malicious use of relevant documents, make sure that the files you share with your clients are only for work purposes. If you share documents through a cloud, immediately delete the final ones after use.

The number of security breaches increases every year, but there are plenty of ways to protect yourself and your company from this. Keeping your data secured is the most efficient way to prevent damaging security breaches.

 

About the Author: Vlad de Ramos has been in the IT industry for more than 22 years with focus on IT Management, Infrastructure Design and IT Security. Outside the field, he is also a professional business and life coach, a teacher and a change manager. Vlad has set his focus on IT security awareness in the Philippines and he is a certified information security professional, a certified ethical hacker and forensics investigator and a certified information systems auditor.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of TheDigitalAgeBlog.

 

5 techniques to creating an invincible password

One of the most important skills for an IT security professional is not only having a strong password, but also teaching others in your company to follow the same password-making process. You are only as strong as your weakest link, and we all know that most cyber-attacks start from human error. The dos and don’ts of making a secure password may seem tedious at first, but in the long run it is the best option to stay protected.

As a first step, we will get rid of the term “passwords”, because now we will be creating “passphrases”. You don’t want to use just one or two words as the main part of your passphrase. Dictionary and brute force attacks are becoming more advanced, cracking single-word passwords in minutes. What you want to do instead is take a phrase that you can remember, but not something too relatable to yourself. Some examples would be the chorus from your favorite song or the first sentence in your favorite book. Use my example below for now:

“She had them apple bottom jeans, boots with the fur”

You will now want to take the first or last letter from each word and cram them together. This will be the base of your passphrase:

“shtabjbwtf”

Next, you want to make a few of the letters capital:

“ShTaBjBwTf”

Try to have at least two letters capitalized. Now take your phrase and add a number or special character at the beginning and/or end of the phrase.

“7ShTaBjBwTf@”

The last step is to make sure it is 14 characters long or more. My example has only 12, so I would want to go back and add 2 more characters to the phrase:

“67ShTaBjBwTf@!”

There you have it, simple as that. Now you have a password that meets the length criteria and is well out of the scope of any dictionary attack. You will also have an easy time remembering this one because the base phrase is something that you have memorized anyway (a song or phrase). The idea is to find something that is easy for you and only you to remember for your base phrase; the rest will fall into place after a few times using the password.
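The steps above can be turned into a check that a trainer runs over candidate passphrases. This is an added example, not part of the original article: the function names are hypothetical, the common-password set holds the five entries named in the SplashData article on this page, and the word list is a small constructed stand-in for a real dictionary file.

```python
import re

# The five most-used passwords named in the SplashData article on this page.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "12345"}
# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "summer", "football"}
MIN_LENGTH = 14  # the article's length criterion

def acronym_base(sentence):
    """Build the passphrase base: first letter of each word, lower-cased."""
    words = re.findall(r"[A-Za-z']+", sentence)
    return "".join(word[0].lower() for word in words)

def check_passphrase(candidate, words=SAMPLE_WORDS):
    """Return the list of article criteria the candidate fails (empty = pass)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if sum(ch.isupper() for ch in candidate) < 2:
        problems.append("fewer than two capital letters")
    # The article adds a number or special character at the beginning or end.
    if not candidate or (candidate[0].isalpha() and candidate[-1].isalpha()):
        problems.append("no number or special character at the beginning or end")
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("on the most-used password list")
    # Long strings built from ordinary words are still dictionary material.
    hits = sorted(word for word in words if word in lowered)
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    lyric = "She had them apple bottom jeans, boots with the fur"
    print("base:", acronym_base(lyric))
    for sample in ("67ShTaBjBwTf@!", "7ShTaBjBwTf@", "Summer2015Football", "password"):
        print(sample, "->", check_passphrase(sample) or "meets the criteria")
```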

Creating a strong passphrase is very important, but do not ever write down your phrases. It doesn’t matter if they are in a safe; creating a super secure password will do you no good if it cannot be memorized. Now let’s say that you have a lot of accounts with different passwords. What you can do to solve this is get a password locker. It is a tool that holds all of your passwords on your computer, with one master password to unlock the others. This way you only have to memorize one secure password. Congrats, you can now train passphrase creation. Take what you have learned and spread this knowledge to your company. The employees are the first line of defense and need to be well prepared for it.