Archive for the ‘Hacked – Hackers’ Category

Hack alert: Don’t be so quick to “unsubscribe” …

March 24, 2017

The obvious became evident to me …

==========

Everybody gets more email solicitations than they want, right?

So, how to stop them?

Easy answer: click the Federally required “unsubscribe” link.

clip_image001

Err, not so fast … might cause a problem bigger than an overflowing email box …

How so?

(more…)

Road rage is so yesterday … today, it’s password rage.

August 3, 2016

Here’s a shocker for you.

According to a survey taken by Centrify, a leader in identity management, 1/3 of online users admit to suffering from ‘password rage’ … with many of them driven to crying, screaming and swearing.

clip_image001

=======

Here are some of the survey’s more interesting findings:

(more…)

Hacked: Are periodic password changes worth the trouble?

March 15, 2016

Cyber-security folks always advise us to use different passwords for all accounts and to regularly change them.

Intuitively, that makes sense.

And, many organizations now force employees, as a matter of policy, to change their passwords every couple of months.

clip_image001

But, a recent study by the FTC’s chief technologist, suggests that the security benefits of changing passwords may be more apparent than real … and, may do more harm than good.

 

==========

According to the Washington Post

“The longstanding IT security practice is based on the idea that flushing out old passwords will cut off access for bad guys who may have figured them out.”

But according to the Federal Trade Commission’s chief technologist, Lorrie Cranor, the strategy has some major holes.

“Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases.”

Why?

“Because forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.”

=======

Some evidence …

A study at the University of North Carolina looked at a data set of thousands of old passwords belonging to former students, faculty and staff at the university who had to change their password every three months.

They found that users often followed patterns that linked old passwords to new passwords — such as swapping the order of meaningful numbers and letters, replacing a letter with a common number or symbol substitute (think changing an E into a 3), or adding or removing special characters like exclamation marks.

Using a tool they designed to predict those type of changes, the researchers could predict how users would change their passwords for 41 percent of the accounts in less than three seconds using a relatively low-powered computer.

The researchers also determined passwords for 17 percent of the accounts in fewer than five guesses.

======

My take:

The problem isn’t periodic password changes … it’s benign neglect or passive aggressive behavior by folks who are annoyed by policies that attempt to save them from themselves.

Passwords should be strong … and they should be changed periodically … and, they should be varied across accounts. Period.

Fool-proof?

Heck no … but improves the odds.

And, whenever possible, use a 2-step process (e.g. challenge questions) for your most sensitive accounts.

Trust me, it’s less hassle than getting hacked.

======

#HomaFiles

Follow on Twitter @KenHoma            >> Latest Posts

=======

Hacked: Identity thieves target Millennials …

October 7, 2015

It has been awhile since we’ve posted about identity theft.

The problem hasn’t gone away, so it’s time for a booster shot.

According to the Javelin Strategy 2015 Identity Fraud report, thieves stole $16 billion from 12.7 million U.S. consumers in 2014.

With a new identity fraud victim every two seconds, there is still significant risk to consumers.

The FTC reports that Americans age 20-29 make up 15% of identity theft complaints.

======

Javelin agrees that millennials are particularly ripe targets for identity thieves.

(more…)

Uh-oh: Hacker hits on Ashley Madison …

July 21, 2015

This may be bigger than the Feds having 20 or 30 million digital personnel files tapped by hackers.

Ashley Madison got hacked and over 37 million customer files have been taken hostage,

Just in case you’ve been living under a rock, Ashley Madison is a sleazy, Canadian based “online dating and social networking service” that “discretely” hooks up folks who are already in a relationship, i.e. married.

Some background:

The name of the site was created from two popular female names, “Ashley” and “Madison” … the site’s slogan “Life is short. Have an affair.”

The site has been around for about 15 years and gets about 125 million hits each month (pun intended).

Reportedly, 70% of the site’s members are guys … no surprise there.

clip_image002

That’s the back-story … now for the “so what?” …

(more…)

How to get your credit reports for free …. no strings attached.

July 9, 2015

Want to see your credit reports?

Some companies provide almost free peeks at your credit reports.  Typically, you have to sign up for a credit checking or identity theft program …. and then cancel your subscription within 7 or 30 days to avoid getting billed.

image

There’s also a low hassle way …

(more…)