Hello people,
I know this is a
little different from my regular posts, but with the amount of large data
breaches in recent times, I just thought of writing this. Full disclosure: I
am, in no way, a hacker yet, which is why I think this is the kind of
perspective a lot of my non hacker friends will understand.
A lot of people look for a simple response, a key for a lock; a combination for a safe.
I always hear: I don't want all the details, can't I just install an anti-virus and be done with it? My response generally is: Well, sure(rolling my eyes! :P ). The truth of the matter is you can never be sure your system isn't going
to be hacked (More on anti viruses coming up). But it doesn't mean you can’t prepare for it. It doesn't mean you
make it easy for the hackers.
Following are very simple things
that I feel can help make your system safer. The idea is simple, unless you are
the invariable target; hackers are only looking for easy systems to exploit. If
your system shows any form of defense, the most frequent response of a hacker,
is to move on to a more easily exploitable system (albeit a non-intuitive one
to many readers).
- Passwords (at
least 16 characters, difficult to guess and unique): This drum has been beaten
by almost everyone I know around me in the security field. There was once even
an instance in my cyber security class when my professor actually asked how many
people had a password over 15 characters long, and there were, as far as I
remember only 3 people with their hands raised. Passwords should be at least 15 characters with uppercase, lowercase numbers and special characters. Let’s take the next one, many
times, hacks are as easy as clicking on forgot password for your account, and
correctly answering the security question (hint: “my dog’s name”). In addition,
many people have passwords based on the sports teams they support, the
celebrities they follow, makes it easier to decipher.
Some of the biggest companies like
apple, target, and now ebay have had huge data breaches. We just witnessed the
single greatest internet bug very recently in heartbleed with un quantifiable
amount of possible data loss. What do you do in such cases? You change your
password when they ask you to, and use UNIQUE passwords for all your major
accounts. Think about it, if your paypal and, say ebay password was the same;
post this breach, both become vulnerable to exploitation. Ebay will ask you to
change the password on their system, but the paypal account is still
vulnerable. So, how then does one have so many hard to remember unique
passwords? That brings me to point 2 - Password managers: A lot of people may not know about these secure systems, but managers like LastPass and 1Password are very good ways to have very strong unique passwords, and not have to remember them. What then, if LastPass gets hacked. It’s an important concern, but tough to explain in a paragraph. So, you guys can check out this post from lifehacker. Explains the pros and cons really well. http://goo.gl/Jxv3PD
- Software updates: This is perhaps the most intuitive thing to do. It’s a common misconception that software updates are solely to give you better features or fix application bugs. In truth, most of these updates solve security issues. Please update your software regularly (hint: browsers: use atleast 2, firefox and chrome, and flash player). Side note: Use ad block extensions on your browsers. Saves you a lot of trouble and takes care of a few hacked pop ups too.
- Do not rely on Anti-viruses: Okay, engrave this on your TV, make a roadsign, write it on your coffee mugs, anti-viruses DO NOT stop you from getting hacked. The only job of an anti-virus is to ensure that malicious software does not run on your system and each individual anti-viruses definition for malicious is different. Hacks are performed in multiple ways, using simple hardware keyloggers, using phishing websites, sending e-mail spam, using code executing malware. All of these can be performed even if you have the best anti-virus fully updated. P.S: My aim isn't to tell you now to buy an AV, but to see the difference between viruses and other threats.
- BACKUP BACKUP BACKUP:
So, why did I write that 3 times in caps? Because it’s very important. It’s
simple, if your system gets hacked; you need to be able to access your
important data from another place. This doesn't just ring true for systems, even your phones, especially now since there are hackers who are using these
new hacks they call ransomware. They lock your system (or now even your iphone)
with an encryption and ask you to deposit bitcoins (anonymous online currency,
difficult to trace) worth a certain amount of $ to an account in return for the
password. Just think for a moment about everything you may have just lost if
you didn't back your system up.
- Be vigilant: If
that anti-virus a shady looking company is selling, gives you unlimited
indefinite subscription for ¼ the starting price of another AV (lets say Kaspersky), it’s probably a
scam. These could in fact, be malware which can be further used to exploit your
system. Take care of simple things like checking the address bar before
entering your login info to websites, checking for the https lock sign (which
almost every login page will now have), not running any shady applications on
your system, just be very logical and responsible.
 |
| Either you ignore these questions, or you don't! |
Your system is like your house; you put a good locking mechanism on your doors, shut them and turn the key to lock it. Do the same with your system. It contains your credit card, paypal, bank account details. Be careful with it! J
P.S: For more details, please feel
free to contact me. You can leave a comment on the blog, or contact me on my
e-mail.
Until next time,
Cheers!
No comments:
Post a Comment