Tag: security

‘Password’ Is Not A Secure Password

Is there such a thing as a secure password? It seems like every month or so there is a similar announcement. Last month Yahoo! was hacked, with hackers exposing something like 450,000 user passwords. The month before that, it was LinkedIn, where 6 million user passwords were exposed. And these are just the latest episodes. You (the user) have no control over the security (or lack of it) of an online service such as Yahoo! or LinkedIn. But hackers make daily efforts to log in to user accounts by guessing passwords - there are even automated programs (downloadable on the internet) that repeatedly try to guess insecure passwords and take over your account.

The message from these attacks is not that you shouldn't use these services (though you should not use them without thinking about the security implications, and whether or not you really want to put your information in that semi-public location). The real lesson is found in the passwords that were disclosed.

Password security is a myth. Sooner or later some site you use will be hacked, and your password will be stolen. From that time on, unless you can change your password before the hacker gets into your account, they will own your account.

Is there better security than passwords? The short answer is "yes." One way is rarely used, but it is called public key security. Briefly, you would use software to create an encrypted key. You keep a private version and a public version would be uploaded to sites you use (like Yahoo!, LinkedIn, etc.), and the two must be used together to gain access. However, most of today's sites and web browsers simply aren't ready for this. Google has come up with an intermediate approach, called "2 step verification." To use…

How Safe Is Your Website Or Blog? 3 Steps to a Better Night’s Sleep

Would you know if your site had been hacked? Could you restore it if it had been hacked? These three steps will help you prepare for the worst.

If you follow technology news, it seems that high-visibility websites are being compromised (hacked) with astonishing frequency, even to the point where at least one hacker group is using the threat of its hacking as a political weapon. You might think that big sites, like major corporate sites or government sites, are so well protected that they can't be hacked. You would be wrong. But what about the little businesses? If anything, they are less likely to be secured against threats, both because the business lacks the resources, and because the hosting company controls the security of the site. So, what is a business to do to protect itself?

While there are steps you can take to make your website more secure, this post is about things to do to be certain you can quickly get the site back online if something does happen and it is hacked, or otherwise damaged (such as by your hosting company improperly restoring the site from its backup - as recently happened to the site of our Freeport Maine Bed & Breakfast). Here are three steps you can take today to make it more likely that, whatever the cause of website troubles, you can reduce the pain of having to restore the site.

1. Preparation: Make sure your host has regular backups

It seems like a no-brainer, really, but check with your hosting company. Are they doing daily (nightly) backups? Most hosting companies use what are known as "virtual web servers" - several (many) websites are hosted on the same physical machine and actually have the same…

Google Security Hole = Big Problems in the Cloud?

We tweeted the TechCrunch story about the site which, if you visited while logged in to a Google account, sent you an email proving it had just harvested your email information. Scary, isn't it? Well, the screenshot of the website itself (no, we didn't visit it to see if it was true - besides, it was down by the time we got there...) got us thinking about security and how this occurred.

That's when it clicked - this looks very suspiciously like the Firesheep exploit - erroneously blamed by some "experts" on insecure WiFi networks, while in fact it is based upon insecure transmission of cookies by your browser, which can happen on any network, wired or not. Firesheep can intercept cookies and log in as another user for a specific list of popular websites (including Facebook, Twitter, etc.). It looks as if this new website is doing the same thing, but in a different way - instead of snooping on your network for open cookies, it is looking for the Google login cookie and "stealing" it, then proving it has stolen your login validation by sending you an email.

Regardless of the method used, if a website is able to steal your login cookie (or other information), this points up a vulnerability in not only your Gmail account, but in anything that uses that Google login. This would include your personal iGoogle page, your Gmail account, your analytics and Webmaster Tools accounts, and - perhaps most dangerous - access to all your Google Apps. That's right - if you or your company has decided to migrate to Google's cloud-based applications, and if you use your Google login to gain access to them, then any website can steal your Google credentials and gain access to your…

Privacy and Social Media – Strange Bedfellows?

When you think about it, attempting to provide security in a medium (social media) where the objective is to share (at least to some degree) personal aspects of your life doesn't make much sense. Perhaps that is one of the reasons that Mark Zuckerberg of Facebook famously declared that privacy is dead. But is it? Should it be that way? Even with Facebook moving the goal posts every few weeks, and changing the way you control access to your data, and sometimes defaulting to very poor choices, you still have some opportunities to control what you share outside your circle of friends (real friends, I mean, not just Facebook "friends").

What's the problem?

We may all have different ideas of what we are willing to share with others - depending, at least partly, on how well we know them. That's the reason that "one size fits all" privacy doesn't work. Whether you believe in sharing everything, or sharing very little, chances are the next person has a different view about what information they want to share. Understandably, businesses want to share lots of information about the business, but individuals often want to restrict some of their more personal information. However, many individuals use personal accounts for business information, and the lines between business and personal get blurry.

An eye-opening example

Recently a reporter published an article called Confessions of an Online Stalker. He did it to research just how much personal information is available for free on the internet. He chose a person who is very "plugged in" - having several online businesses, lots of social media presence, etc. What he was able to learn about his "target" was surprising, even to the target (the reporter eventually met him and revealed the information to him). For example, he knew where…
