As you've probably heard on the news, there has been a lot of hacking going on recently, and you probably know about how Sony's PlayStation Network was hacked into and taken down by a group of hackers. Many people are probably wondering what's next. Facebook? Xbox Live?
Most people don't realize, though, that there are THOUSANDS of Facebook accounts stolen daily, and the sad part is, so many people are capable of doing it.
I would like to point out, though, that most incidents with Facebook occur not because of "hacking" but because of phishing, keyloggers, cookie-stealing websites, malware, and probably the most common: password scams.
I will be going into detail on each of these ways your password for almost anything can be stolen, and how to prevent it from happening to you.
However, before we continue, I would like to point out the difference between hacking and account stealing. Hacking is defined as gaining unauthorized access to files and/or databases.
Account stealing is simply finding a user's password through means which do not involve brutally entering a computer or server by hacking.
- How to protect your online information.
The best tactic is just to be smart.
Website staff for ANY website will NEVER ask you for your password.
You should always have a secure connection to Facebook. If you don't connect securely, or do not know, please click here: https://facebook.com
For you more advanced internet users, just make sure all your connections to websites are via SSL, if possible.
Don't go to sites you don't recognize, or sites that appear fake.
Don't do online surveys.
VERY IMPORTANT!!!
If you get taken to a page which says you have a virus, DO NOT, I REPEAT, DO NOT DOWNLOAD THE SOFTWARE TO REMOVE IT. This is an example of how viruses spread. ANY page that tells you that you have a virus is FAKE, and will only give your computer a virus.
It is highly recommended that if you even connect to one of these sites accidentally, you do a full system scan with your antivirus program, and if you don't have one, you should REALLY get one.
- FAQ
Q. What is "Phishing"?
A. "Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. This is similar to Fishing, where the fisherman puts a bait at the hook, thus, pretending to be a genuine food for fish. But the hook inside it takes the complete fish out of the lake."
Q. What is a "Keylogger"?
A. A keylogger is normally part of a virus. Basically, EVERYTHING you type will be recorded by it and sent via email to the person or website which gave you the virus.
If you suspect you have a virus, it is recommended that you DO NOT connect to any important websites until you have verified that your computer does not have a virus, or that the virus has been removed.
Q. What is a Cookie stealer?
A. A cookie stealer does exactly what its name implies: it steals your cookies.
Internet browsers store cookies from all sites, like Facebook, Google, and such. These "cookies" are very small files, which normally store your login details.
A cookie stealer analyses your browser for cookies, and if it finds any with important information, it makes a copy and sends it back to the fraudulent website.
You can prevent this from happening by NOT ALLOWING YOUR BROWSER TO REMEMBER YOUR PASSWORD! ESPECIALLY IF YOU USE A PUBLIC COMPUTER!
Q. What is "Malware"?
A. Malware is a generic name for malicious programs or junk programs. Most likely you've received a CD in the mail before, for something like a free trial of some sort. While the program itself may be clean, the CD could be packing a lot of junk files along with it which spam you with advertisements and such.
To prevent yourself from getting malware, just don't install anything you don't want to. READ EVERYTHING when installing a program. It is wise to read the legal agreement too, as it may state that you agree to install other things you may not want.
Q. How do I avoid password scams?
A. Like I said before, be smart. Don't EVER tell ANYONE your passwords, not even someone that claims to be with the police, as that would require a warrant. It is also recommended you use different passwords for different sites.
This is a very important note: PLEASE make your passwords strong. Don't just use a word; make something that NOBODY could guess. A good way to meter how strong a password is, is if it's hard for YOU to remember.
A good example of a STRONG password is this: bM2sH&m_+2naQ
(this is not an actual password, DO NOT use this as a password.)
For all of you advanced users, this works much better than one word.
Most passwords in databases are stored in encrypted form, so obviously it's secure no matter how weak/strong it is, right?
Wrong, for a simple password like "qwerty" it would look like this in a database: d8578edf8458ce06fbc5bb76a58c5ca4, which is a "hashed" version of the password. This is in MD5 format, which is very secure, when used properly. When I go to try to recover the password, from the hash, I would come up with keystroke hex of 717765727479, which then I can translate back to "qwerty".
Now, when I try to "unhash" the strong password, bM2sH&m_+2naQ, I wind up with this MD5 hash: db8d814bc816328a074bde5ceee55e21, which when run through the same process as the other one, would take 43.28 YEARS to decode, rather than 30 seconds like "qwerty".
By the time 43 years was over, you probably would have changed that password.
And note that this process is the ONLY way to reverse a hash, unlike encryption, which uses a two-way cryptographic algorithm to simply scramble information.
A hash is a ONE WAY process, and can ONLY be recovered through a brute force method, which is highly impractical.
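The weak-versus-strong difference described above, as an added example that is not part of the original post: a site owner's audit check that flags stored unsalted MD5 hashes matching common passwords, next to salted PBKDF2 storage, which goes beyond the unsalted MD5 case in the text. The candidate list, the guess rate passed to `exhaustive_years`, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a handful of common passwords, not a real wordlist.
COMMON = ["123456", "password", "qwerty", "letmein", "abc123"]


def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage format the post describes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def lookup_unsalted_md5(digest: str, candidates=COMMON):
    """Return the common password whose unsalted MD5 equals digest, else None.

    Because there is no salt, one precomputed list flags every account
    that uses a listed password.
    """
    for word in candidates:
        if md5_hex(word) == digest.lower():
            return word
    return None


def exhaustive_years(length: int, alphabet: int, guesses_per_second: float) -> float:
    """Worst-case years to try every password of a given length.

    guesses_per_second is an assumption supplied by the caller; a fast hash
    such as MD5 allows a far higher rate than a deliberately slow KDF.
    """
    return alphabet ** length / guesses_per_second / (365.25 * 24 * 3600)


def hash_password(password: str, iterations: int = 600_000):
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, derived


def verify_password(password: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(derived, expected)
```

With a per-user salt, two accounts that both use "qwerty" no longer share a stored value, so a single precomputed list does not match them all at once.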
Thanks for reading, and best of luck to you!
- Nathan Young