Computer Security Myths

There is a commercial out there, I forget which company it is for at this time, that uses the premise that they can’t lie on the internet, aka, everything you read on the internet is true. Well, hopefully we know that the premise is false. They can lie on the internet.

However, the same type of thinking is out there regarding computer security. Many people say that if you don’t do A, B, or C, your computer is safe. Or they think, “I’m not worth the time, because there isn’t anything important on my computer.” Well, you might be SAFER if you don’t do A, B, or C on your computer, but you can still be attacked. Also, many hackers love small targets (people with little or no information to steal) because they are usually poorly protected. Even a simple email address can be turned into a tool for a hacker.

Take a moment to read this Lifehacker article – Five Computer Security Myths, Debunked by Experts (http://lifehacker.com/five-computer-security-myths-debunked-by-experts-1602290081) – to learn more.

Passwords & Rea_MeM_8Ereeng Them

If you are like me, you can create wonderfully secure passwords that you think you will never forget. However, when it comes time to enter them, your mind draws a blank. Earlier I wrote about using a password vault such as KeePass.

I came across this article by Kevan Lee on Lifehacker entitled, “Four Methods to Create a Secure Password You’ll Actually Remember.” Kevan covers what makes up a good password, common passwords that are now part of every hacker’s arsenal, as well as 4 different methods of creating passwords. Also covered are a few ways to check how secure your password is, as well as password management.

I encourage you to check the article out at – http://lifehacker.com/four-methods-to-create-a-secure-password-youll-actually-1601854240

Want to Know if a Website Has Been Affected by Heartbleed?

According to the Google Web Store, Chromebleed is an extension for Chrome that will check to see if the website you are using is affected by the Heartbleed bug. Below is the description from the developer.

Description

Displays a warning if the site you are browsing is affected by the Heartbleed bug

Many HTTPS-secured sites on the internet use OpenSSL. Unfortunately, a major vulnerability in OpenSSL was disclosed – known as the Heartbleed bug – yesterday that put hundreds of thousands of servers at risk of compromise.

Whilst some servers have been patched already, many remain that have not been patched. Chromebleed uses a web service developed by Filippo Valsorda and checks the URL of the page you have just loaded. If it is affected by Heartbleed, then a Chrome notification will be displayed. It’s as simple as that!

Please note that, in some jurisdictions, site testing can only be carried out with the express permission of the site owner. Please check what the law says in your local area before proceeding to download this extension.

The extension can be downloaded at https://chrome.google.com/webstore/detail/chromebleed/eeoekjnjgppnaegdjbcafdggilajhpic

Passwords: How Often?

In recent news, people are being told to change their passwords because of a flaw in OpenSSL, a program that makes internet connections secure. There is a lot of material out there on how this system worked and how hackers exploited this flaw, so I am not going to rehash material that is already out there.

Instead, I want to focus on passwords themselves. In earlier blogs, I explained ways to create more secure passwords, the rationale for using a different password for each account, and the advantages of using a password vault. However, I never visited the subject of how often you should change a password.

If you have a Microsoft Live account, you may have noticed that they have an option, a checkbox you can click, to make you change your password every 72 days. If you work for a company where you have to sign in or log on to your work computer, you might have to change your password at least every 3 months.

The reason for changing your password from time to time is to close a security hole in cases where your password has been compromised. Essentially your password is a key to unlocking access to your account, like a key to your home. If someone has a copy of your key, he/she can enter your house at any time. They can choose to trash your home, steal your valuables, or collect information about you. Likewise, if someone has your password, they can damage files on your computer, steal funds from your accounts, or collect information on you and your business.

Changing your password is like changing your locks. If someone is getting access because they have a key, changing the lock takes away the ability to use that key. The important thing when you change your password is that you do not use a similar password. For example, many people will use something like “ruMpl_stilskin!” and then change it to “ruMpl_stilskin!1” and then later to “ruMpl_stilskin!2”. A smart hacker will always check for those variations. (Side note: the same is true for home locks. If your new lock has a similar pin configuration, aka key cut, to your old lock, a thief can use a technique that will make your old key work in the new lock.)
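As an added example (not part of the original post), here is one way a password-change form could refuse the numbered variations described above, using the current password the user has just typed in. The function names, the substitution table and the edit threshold are assumptions chosen for illustration.

```python
import re

# Common look-alike substitutions folded back to letters (constructed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def core(pw):
    """Reduce a password to its memorable 'root' word."""
    s = pw.lower()
    s = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", s)   # drop digits/symbols tacked on either end
    s = s.translate(LEET)                       # undo look-alike swaps in the middle
    s = re.sub(r"[\W_]", "", s)                 # drop separators such as "_" or "-"
    return s or pw.lower()                      # all-symbol passwords: compare as typed

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_trivial_variation(old, new, max_edits=2):
    """True if `new` is the old password with cosmetic changes only."""
    a, b = core(old), core(new)
    # Allow fewer edits for short roots so unrelated short words are not flagged.
    allowed = min(max_edits, min(len(a), len(b)) // 4)
    return a == b or edit_distance(a, b) <= allowed

if __name__ == "__main__":
    current = "ruMpl_stilskin!"                 # example password from the post
    for candidate in ("ruMpl_stilskin!1", "ruMpl_stilskin!2",
                      "RuMpl_St1lskin#", "copper-Lantern-orbit-74"):  # constructed inputs
        verdict = "reject" if is_trivial_variation(current, candidate) else "accept"
        print(f"{candidate:26} {verdict}")
```

The check only works at change time, when both the old and new passwords are typed in; a site that stores passwords properly cannot compare against older ones this way.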

Ok, so changing your password is a good thing, but how often should you do it? My rule of thumb: the more important the information, the more often you should change the password. Does that mean you go crazy and change it daily? In my opinion, if it is so important that you need to change it daily, you should really look at a different way to store the information. In most cases, I think every 30 to 60 days is a reasonable timeframe. Again, if the accounts are more sensitive, you should change the passwords more frequently. I should also stress that you need to change the password on every account periodically, even those with little information you need to keep secure.

There are times when you need to change all of your passwords immediately: in any case where at least one of your passwords has been or may have been compromised. The reason is that if the hacker had access to one account, he/she may have been able to collect information related to your other passwords.

Well, I am off to change my passwords yet again….