Maybe My Password Isn’t As Strong As I Thought It Was

For years, we in the computer industry, have been telling people to create cryptic passwords that include upper and lowercase letters, numbers, and special characters. We’ve been saying that if you replace certain characters with others, such as @ instead of “a”, or 3 instead of “E”, or ! instead of l, that chances of getting your password stolen are remote. Well, it would be remote, but with today’s technology, someone trying to break that password would have it figured out in 3 days with 1000 guesses/second, which is probably faster than you trying to remember what the password actually is.

A far better and safer way to create passwords is to string words together. Four random words, such as dogsbakewoodseat, would take 550 years with 1000 guesses/second to break, and would be much easier to remember if you use words that have meaning to you. The reason isn’t so much in the letters you use but is a combination of length as well as content. Most cryptic passwords are shorter than 8 characters because they’re hard enough to remember as is without them being longer. By using the word combination, you can make your passwords long and still be easy to remember.

I still recommend you using a different password for every site so with all of those passwords to try to remember you may want to use a password manager. I recommend RoboForm which allows you to save your passwords to your computer, or to the internet where they’re available just by clicking, when you need to log-in to a site.

If you want to see how safe some of your passwords are, or passwords similar to what you use, try them here, and see how long it would take someone to hack your password.

Fake Antivirus Industry Down, But Not Out — Krebs on Security

Fake Antivirus Industry Down, But Not Out — Krebs on Security.

Many fake antivirus businesses that paid hackers to foist junk security software on PC users have closed up shop in recent weeks. The wave of closures comes amid heightened scrutiny by the industry from security experts and a host of international law enforcement officials. But it’s probably too soon to break out the bubbly: The inordinate profits that drive fake AV peddlers guarantee the market will soon rebound.

During the past few weeks, some top fake AV promotion programs either disappeared or complained of difficulty in processing credit card transactions for would-be scareware victims: Fake AV brands either ceased operating or alerted affiliates that they may not be paid for current and future installations.

On July 2, BestAV, one of the larger fake AV distribution networks, told affiliates that unforeseen circumstances had conspired to ruin the moneymaking program for everyone.

Google: Your Computer Appears to Be Infected

From KrebsOnSecurity

Google last week began warning more than a million Internet users that their computers are infected with a malicious program that hijacks search results and tries to scare users into purchasing fake antivirus software.

Google security engineer Damian Menscher said he discovered the monster network of hacked machines while conducting routine maintenance at a Google data center. Menscher said when Google takes a data center off-line, search traffic directed to that center is temporarily stopped. Unexpectedly, Menscher found that a data center recently taken off-line was still receiving thousands of requests per second.

Menscher dug further and discovered the source of the traffic: more than a million Microsoft Windows machines were infected with a strain of malware designed to hijack results when users search for keywords at Google.com and other major search engines. Ironically, the traffic wasn’t search traffic at all: The malware instructed host PCs to periodically ping a specific Google Internet address to check whether the systems were online.

For the rest of the article, please click here

NOTE: Unlike the scareware and fake anti-virus programs that “popup” on your screen, this is  a banner notice at the top of your search results. Use your own anti-virus programs to scan your computer as well as programs such as SuperAntiSpyware and Malwarebytes

 

 

 

Windows AntiVirus 2011 or Fake AntiVirus

There have been a lot of fake antivirus infections lately. I’m getting several calls  a week from people telling me that while they were searching the internet, windows started popping up all over their screen telling them they have viruses, trojans, etc. I used to spend hours cleaning computers with various antivirus programs, but then found that I could do it much quicker by using the following method.

When this problem comes up, I ask what the user has or hasn’t clicked on. What they say next is what determines my next course of action. The way these programs work is that they “offer” to clean up your computer if you buy their software. If you choose not to buy their software, and try to click out of the windows by clicking cancel or the red x to close the window, you’re faced with more windows because these options have been set up to download the fake antivirus program and install it on your computer.

So, what to do when one of these programs shows up on your computer? Don’t panic and start clicking things. Recognize that even though it may look like a legitimate Windows warning, if you have a virus, your own antivirus program will pop up telling you so. What you need to do is to press CTRL-ALT-DEL to bring up the Task Manager and then end the browser process. Once you’ve ended the browser this way, you can safely reopen the browser and continue your surfing.

If, however, you have clicked an option and these windows are just continually taking over your screen, reboot your computer. Just as it starts to come up and you see the opening text on the screen, start pressing the F8 key until you get a menu on the screen. Choose to boot into Safe Mode. The screen will look different from what you’re used to, but that’s okay. Once you are at the desktop, click your start button, bottom left of the screen. Go to Programs, Accessories, System Tools, System Restore. When System Restore comes up, choose to restore your computer to a point prior to when you experienced the problem. This could be earlier that day or even a day or two past.

This will not remove any files or data you have worked on or created in that time period, but will restore your Windows system back to a healthy state. Your computer will reboot once and tell you whether it was restored successfully or not. If it was successful, run a virus scan with your antivirus program, but you should be all set at this point.

Ah, Cookies

Tracking cookies

The other day I noticed that I was running out of space on the hard disk of my computer. I went through and removed some programs and moved some data to an external drive to free up some space, but the next day, the space was low again.

I ran my normal cleanup software, CCleaner, SuperAntiSpyware and Malwarebytes and found that I had a huge number of tracking cookies on my computer.

If you don’t know, most every website you visit downloads a small file to your computer, called a cookie. Cookies are set to stay on your computer for a period of time and contain information about the site you’re on. Often times, they will hold your login information to the site so that the next time you visit that site, you’ll automatically be logged in, or your preferences will be recorded and remembered so that you won’t have to reset everything time and again.

Tracking cookies, on the other hand, aren’t good. Websites sometimes allow third parties, such as advertisers and marketers, to also install what’s known tracking cookies on your computer. These cookies send information back to the marketing companies where your preferences are put in a database for future use. They don’t record personal information, such as credit card numbers or passwords but general information about your surfing habits and preferences. What they hope to do is to have the advertisements that you see on a page become advertisements that relate more specifically to you so that you’ll click and buy. The danger comes when that information, which is connected to you, becomes available to others.

So, what to do? You really need the main cookies a site saves because a lot of sites won’t work well unless you accept the cookies. Third party cookies, however, aren’t needed and should be blocked.

There are settings in each of the browsers that allow you to allow the main cookies and block the third party cookies. Here are the instructions to do so for the four main browsers:

Internet Explorer –

  • Open Tools, Internet Options | Privacy, click on the Advanced button.
    • Place a check in “Override automatic cookie handling”.
      Uncheck “Always allow session cookies
    • Set “First Party Cookies” to Accept, set “Third Party Cookies” to Block.

Firefox –

  • At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP) and then click Options. On the menu bar, click on the Firefox menu and select Preferences…At the top of the Firefox window, click on the Edit menu and select PreferencesAt the top of the Firefox window, click on the Tools menu and select Options…On the menu bar, click on the Firefox menu and select Preferences…At the top of the Firefox window, click on the Edit menu and select Preferences…
  • Select the Privacy panel.
  • Set Firefox will: to Use custom settings for history.
  • Uncheck Accept third-party cookies.

Chrome –

  • Click the wrench icon on the browser toolbar.
    • Select Options (Preferences on Mac and Linux; Settings on Chrome OS).
    • Click the Under the Hood tab.
    • Click Content settings in the “Privacy” section.
    • Click the Cookies tab in the Content Settings dialog that appears:

o   Block only third-party cookies: Select the “Ignore exceptions and block third-party cookies from being set” checkbox. Even if you’ve added a site to the Exceptions list and have chosen to allow its cookies, the site’s third-party cookies won’t be accepted if this checkbox is selected.

Safari –

  • From Safari, select “Safari” in the menu bar, and then select “Preferences”
  • In the Preferences Dialog Box, select the “Security” tab
  • Make sure the “Accept cookies:” setting is set to “Only from sites you navigate to”. You can also set this option to “Never”, but this will prevent many web sites that rely on cookies from working.

Once I removed the tracking cookies from my computer, I actually recovered almost 200 GB of disk space. I then went through each of my browsers and blocked third party cookies from being installed.

Here’s One Reason Why You Need to Password Protect Your Wireless Router

Or if you’re using your neighbor’s wireless connection, you may want to reconsider.

To sum up, an individual in New York found himself facedown in his living room in the morning with federal agents all around him. They were accusing him of being a pedophile and pornographer. They ended up seizing his computer, his wife’s computer and iPad and iPhone. He claimed innocence and after a week, was cleared. His neighbor, however, wasn’t as lucky. Seems the neighbor was leaching off the non-password protected wireless router and trafficking child pornography.

Always, always, always password protect your router, or if you’re leaching off your neighbor, and they’re involved in something illegal, it could come back on you as well. Now here’s the article -

BUFFALO, N.Y. – Lying on his family room floor with assault weapons trained on him, shouts of “pedophile!” and “pornographer!” stinging like his fresh cuts and bruises, the Buffalo homeowner didn’t need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.

That new wireless router. He’d gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.

“We know who you are! You downloaded thousands of images at 11:30 last night,” the man’s lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, “Doldrum.”

“No, I didn’t,” he insisted. “Somebody else could have but I didn’t do anything like that.”

“You’re a creep … just admit it,” they said.

Law enforcement officials say the case is a cautionary tale. Their advice: Password-protect your wireless router.

via NY case underscores Wi-Fi privacy dangers – Yahoo! News.

OMG! LOL: Internet Slang Added to Oxford English Dictionary

By Daniel Ionescu, PCWorld    Mar 26, 2011 5:59 AM

Time-saving online abbreviations like LOL, OMG, and IMHO are now part of the official English language. The Oxford English Dictionary (OED) announced the addition of several acronyms to its dictionary, adding some interesting trivia behind the origins of these Internet-associated expressions.

OED explained that although “initialisms” like OMG (Oh My God), LOL (Laughing Out Loud) and IMHO (In My Humble/Honest Opinion) are strongly associated with the language of electronic communications, their origins are surprisingly predating the Internet era.

For example, OED found a quotation for OMG in a personal letter from 1917, and FYI (For Your Information) originated in the language of memoranda in 1941. Also, apparently the LOL expression had a previous life, starting in 1960, denoting an elderly woman (Little Old Lady).

OED notes that some expressions like OMG and LOL are used outside electronic communication contexts as well, including print and spoken use, in the form of more than a simple abbreviation:

“The intention is usually to signal an informal, gossipy mode of expression, and perhaps parody the level of unreflective enthusiasm or overstatement that can sometimes appear in online discourse, while at the same time marking oneself as an ‘insider’ au fait with the forms of expression associated with the latest technology.”

If you’re not familiar with the online slang, you can always check out this Internet slang dictionary and translator. Just enter the text slang you want to translate and you’re done. TTYL

Follow

Get every new post delivered to your Inbox.

Join 197 other followers