Hacked Every 39 Seconds

March 21, 2007

No updates for the past while because I’ve been up to my tonsils with work. Not that I’m complaining. One of the “joys” of having your own business is the fact that you never know what’s round the corner. My business is just over three years old now, and a lot of that 3 years was spent cold-calling prospective clients, which was neither pleasant nor productive for me. Since Christmas I have done no cold-calls, and customers are beating a path to my door. I’m not sure why this is the case but I watched “The Secret” a while back and read “The Science of Getting Rich” so I’m putting it down to that.

Anyhow, I did get time last week to browse through PC Live (great value for just €3) and came across this article. According to a University of Maryland study, a PC connected to the internet will on average be attacked every 39 seconds.

The study also profiled brute force attacks and found the most common methods of guessing passwords. The most common was to re-enter the username or a variation of it (e.g. user: admin, pwd: admin123). Other common password guesses were ‘password’, ‘passwd’, ‘test’, ‘123’, ‘1234’, ‘12345’, ‘123456’ and ‘1’.

Nothing too surprising I suppose in the guesses, but the frequency of the attacks was interesting. It also proves again the need for effective passwords, as we’ve discussed before. Make it long, mix letters, numbers and special characters, and change it on a regular basis.
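The guess patterns the study reported can be turned into a check that runs when a password is set. The following is an added example, not part of the original post or the study; the function names, the substitution table and the reading of "variation" (digits or symbols added at either end, simple character swaps) are assumptions.

```python
import re

# Guesses the study reported as most common (list taken from the post above).
COMMON_GUESSES = {"password", "passwd", "test", "123", "1234", "12345", "123456", "1"}

# Constructed table for undoing simple character swaps (an assumption, not from the study).
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def _variants(text):
    """Lower-cased forms of text: as typed, with edge digits/symbols trimmed,
    and each of those with the character swaps undone."""
    low = text.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    forms = {low, trimmed, low.translate(SWAPS), trimmed.translate(SWAPS)}
    forms.discard("")  # a password made only of digits trims down to nothing
    return forms


def weak_password_reason(username, password):
    """Return why the password matches a reported guess pattern, or None."""
    user = username.lower()
    pwd = password.lower()
    if pwd in COMMON_GUESSES:
        return "common guess"
    forms = _variants(password)
    if forms & COMMON_GUESSES:
        return "variation of a common guess"
    if user and pwd == user:
        return "same as username"
    if user and user in forms:
        return "variation of username"
    return None


if __name__ == "__main__":
    # Constructed sample accounts; the last password is the merged-word example
    # from the "More about passwords" post further down this page.
    samples = [("admin", "admin"), ("admin", "admin123"), ("root", "123456"),
               ("root", "P@ssw0rd!"), ("mary", "c5OomFptUw@re3r")]
    for name, candidate in samples:
        print(f"{name:6} {candidate:16} {weak_password_reason(name, candidate) or 'ok'}")
```

A password that passes this check is only clear of the specific patterns listed in the study; it says nothing about length or reuse.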

More about passwords

January 19, 2007

I hadn’t planned to talk about passwords again so soon but I came across a couple of interesting discussions on this topic recently, and there are so many different opinions on what constitutes a good password, I decided to come back to it here.

I was with a client yesterday who told me her password, gave me a clue to help me remember it, and told me she uses the same one for everything, logging onto her PC, logging in to her accounts and payroll packages, logging into her electronic banking. This is not a good thing to do.

So for me, a good password is one that: 1) is easily remembered, 2) won’t be guessed easily by someone who knows you, and 3) will be able to resist brute force and dictionary attacks.

Which means I don’t have passwords that are related to my family or Liverpool Football Club, 2 of my major passions in life. There are a few good tips about creating effective passwords that I came across again in the past week.

1 – Take two words (computer & software), merge them (csoomfptuwareer), and then exchange letters for capitals, numbers & special characters (c5OomFptUw@re3r). This works but is a bit convoluted, and hard to remember.

2 – Take a word, (computer) and type the letters using different keys, (eg move your fingers 2 keys to the right – zubiteqw). Then you can intersperse with caps, nums & special chars as required. 

3 – Hit the keyboard at random with all your fingers, and take what you’re given (e.g. ;oi.kbpubia;beau).

Any of these will work. I suppose I’m more concerned about what doesn’t work. Examples of what doesn’t work include:

Using the word “Password” or the word “blank”

Using your name, your partner’s name, your kid’s name, your pet dog, cat, hamster or snake’s name, using your favorite team, your favorite singer, your favorite color, your favorite author etc.

Using something so complex that you can’t remember it and end up having to write it down in your diary, or better still, on a little yellow post-it that you stick neatly to the side of the monitor.

Telling everyone your password, “in case I forget it”

If anyone out there has any other tips or things to avoid, let me know.

Passwords – Just a hassle

January 15, 2007

For most people passwords are just a pain in the backside. Having so many different ones to remember, having to change them all at different times, trying to think of new ones every few weeks; it all just seems like more hassle than it’s worth.

I hear this from computer users almost every day of the week, especially in offices. And of course they share information with their colleagues anyway, so what’s the point?

OK. Here’s the point. Passwords are the first line of defence from prying eyes. Whether it’s a colleague passing by your desk or a visitor to the office, a password is the most basic form of protection. You may feel you don’t need protection from these people and maybe 99 times out of 100 you would be right. But computer security is not about those 99 times. It’s about protecting yourself from that 1% risk.

It’s the same reason you continue to wear a seatbelt, even if you’ve never had a crash. Because if the situation does come up, you want to have some level of protection in place.

We’ll talk more about passwords again, but for now, let’s just accept that we do need them and leave it at that.