A reminder about cybercrime and Internet security is never untimely. Rasmussen College's School of Technology and Design Cyber Security Program just issued this handy rundown of dangers and tips. Something to memorize, or maybe cut out and stick right on your screen!
The chart's list of common mistakes also gives me a touchstone for a bit of soul searching. True confessions time: Which of these mistakes do I habitually make?
Don't use a single password for all online accounts.
Well, not literally one single password, but I confess I do use a small family of passwords for accounts that don't require a high level of security. This is preferable to keeping a list of passwords in the cloud, or writing them on a piece of paper I then carry everywhere. Someone is going to break into my Spotify account or make comments under my name at the New York Times? OK, whatever. Bank accounts and email accounts need to be secure.
Don't click on unsafe links.
I'm good on this. If I'm not sure what it is, I don't click on it. If it insists I click on it, I'm extra suspicious, and I use Task Manager to close it down.
Connect to secure WiFi.
Sure, whenever I can. More than that, I avoid -- except in emergencies -- using WiFi for transactions that need to be secure.
Stay updated.
Yes, indeed, and I appreciate automatic updates -- for example, from Mozilla Firefox.
Think before you act.
Maybe the most important tip, and a lesson I've learned the hard way over the years. If something looks suspicious, it's probably suspicious. Don't try and click your way out of trouble; pause, and figure out what's going on. Sadly, I still get malicious emails on a regular basis, but it's been a long time since I thoughtlessly opened one.
Protect your wallet.
Of course. After all, I guess there's still something in it. I do avoid insecure payment sites.
Experts are always advising people to choose passwords that aren't easily guessed and contain hard-to-remember combination of number/letters/punctation so that it makes it hard to guess what a password is.
BUT.. why do password systems allow dictionary attacks to work? If a bad guy tries to "guess" a user's password more than a thousand times and is just going thru the dictionary -- why is that allowed in the first place? Real users only need 3-5 tries to get their passwords correct -- and usually the problem is that they've got CAPS LOCK on and don't realize it..
So how about eliminating the effectiveness of brute force password attacks, huh?
Related discussion on Reddit: One member advises foiling phishing sites by intentionally entering a wrong password. That won't work, says another, who claims to have formerly run a phishing site, and says that many of them just always return an error message. The advantage to phishers is that many people re-use a small number of passwords, so users faced with an error message will just cycle through the list, giving phishers a list of all that user's passwords.
lin - I use a similar strategy for one or two passwords that I need to type in manually. But for the rest I use auto-generation. I don't think I could remember the algorithm, I'd be all hung up on whether I used caps or lowercase. And then there are the sites that foil algorithms like that by requiring a certain number of characters, certain number of number characters, and so on.
A good approach, Lin, and probably safe -- although if we someone stole or figured out your password for one site, it would be fairly easy to figure out the rest.
For years I have used separate passwords for each site I visit that requires a password. I don't have to keep a database because I use a small password as a seed and then combine it with part of the site name to come up with a site specific password.
For example, I could use a password seed of "SamLives." and then use the last three letters of the domain name to create the password. Using this technique, on Facebook my password would be "SamLives.Ook," on Google my password would be "SamLives.Gle", on InternetEvolution it would be "SamLives.Ion". I like this technique because it means that when LinkedIn sends me an email and tells me my password may be compromised, it doesn't mean my passwords on all the other sites I visit are compromised.
Kim Davis - You mean a man-in-the-middle attack? Yes, that makes sense. Although I wonder if a Wi-Fi network could be set up that would appear to be secured, but would in fact accept any password, so it could serve as a tool for a man-in-the-middle attack.
There are several password-generation and password-store tools like 1Password. I got it when I was going through my Mac Purist phase. There's an open source one, name escapes me, that's free (of course) and also cross-platform.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Edward Snowden was so convinced that the Prism program involved secretive surveillance through Internet backdoors that he walked out on his job and his girlfriend, spoke to the media, and resigned himself to jail, or worse. It turns out, he might just be wrong.
In one of the nastiest -- not to mention large scale and long-term -- hacking exploits yet to be reported, it appears that the Chinese army has been rummaging through the data of those who have served in the US Armed Forces.
ASA Risk Consultants added its voice this week to the slowly growing chorus of voices demanding a coordinated international response to cyberattacks. In a research note circulated by IDG, ASA asserts that "nations will need to come to an agreement on how cyber warfare should be handled."
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
The new UltraViolet online DRM model has people upset, but the question we should ask ourselves is whether we want a flexible model to harmonize content owner and content consumer rights, or a one-takes-all model that probably results in less online content.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
50 billion household devices will be on the Internet by 2020, according to Cisco. And we're hearing foreign governments are hacking our infrastructure. Surely our refrigerators are next!
Facebook's Graph Search may face some profound challenges and risks, first, because Facebook users haven't been thinking of their posts as product reviews; and second, because Facebook will now have to contend with the social-network equivalent of SEO "gaming" of results.
Apple may want to do a TV offering, but to meet its goal it would have to address three specific issues that have been exposed by earlier attempts to make Internet TV work.
Many enterprises view high-speed broadband connections as ubiquitous. Yet in about 20 percent of the country, businesses and their employees do not have access to even DSL connections. This shortcoming diminishes enterprises' ability to support their employees.
Big-data and analytics tools enable marketers to understand customers as individuals, identifying unmet needs and addressing each customer as a "segment of one," says John Kennedy, VP corporate marketing, IBM.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The IBM Smarter Commerce Global Summit in Monaco kicked into high gear today, and we've already begun to see news emerging from that lovely city-state by the sea.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
