– By Bill Read of Computer Consultants Group, Inc., (ccgnet.com) of Charleston –
Computer hacking events are at an all-time high. This past week your venerable Edgefield Advertiser discovered that our own web server had been compromised. Our site does not contain any sensitive information, other than our own news articles, so please be assured that your subscription information is safe. However, we wish to use this as a teachable opportunity. How does this happen? Are your computers and online accounts safe? What can you do to protect yourself?
Computer hacking comes in a variety of forms. Attackers constantly probe computers and servers for known vulnerabilities in out-of-date software. In our case, our web server became the target of a hacker in a foreign country. While we do not know specifically how the intruder succeeded, it was probably via outdated software (since updated), or an insecure password (also updated). The attacker’s intent appears to have been related to automating “likes” and comments on Facebook pages (for more on this see this NY Times article: http://nyti.ms/NgjzKY ).
Other similar attacks might exploit a server to send email spam, or make it part of a network of compromised computers (a “botnet”) to be used to attack other computers and networks (most commonly used in Distributed Denial of Service attacks, or DDoS). Servers are not the only targets. Personal computers are vulnerable to viruses (trojans, adware, spyware, etc.), many of which will add your computer to a botnet. Some hacking attempts are focused on gaining high volumes of personal information — as with the SC Department of Revenue. Yet others target individuals, via hacked email accounts, online banking, or online shopping accounts.
This all raises the question: “Are my computers and online accounts safe?” The answer is an unsatisfying “that depends.” Ask yourself the following questions:
- Are my passwords longer than 10 characters, and not dictionary words?
- Do I use different passwords for all of my internet accounts?
- Do I keep my computer software up-to-date?
- Do I use antivirus software, and do I keep it up-to-date?
- Do I verify the identity of websites before I provide personal information?
If you answered yes to all of these questions, then you are among an elite few who practice internet safety. If you answered no to any of these questions, you need to make some changes.
Using up-to-date software and having good password security are the two most basic, and important, safety practices. If you have an older computer, or you have stopped updating the software, it is time for a review — hire a geek to come help you if you don’t know how to do it yourself. Password security is a bit more difficult.
Many people think their email account contains nothing private or of enough importance for them to use a “safe” password. But consider this: most websites allow you to reset your password via a link sent in an email. Therefore a weak email password is a gateway to almost every website you use — including your bank. Your email password needs to be one of the most secure passwords you have.
Typical password advice is this: use a combination of 8-10 letters, numbers, and at least one symbol; and use at least one uppercase and one lowercase letter. This is almost entirely wrong. By following this advice you will end up with a password that is hard for you to remember, but relatively easy for a computer to guess (geeks should see this cartoon: http://xkcd.com/936/ ).
The best password is a long password — a very long password. Use a nonsense phrase of three or more words, for example: “studebaker library square.” You can commit this to memory quite easily, while it would take a computer about 100 days to guess at 1,000 guesses/second. Of course, you will need to invent a new phrase for each website/service you use. If you find it too difficult to keep track of all of your passwords, consider using a password manager (you can read about them here: http://bit.ly/MIkbsm ).
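The arithmetic behind that estimate, as an added example that is not part of the original article: it assumes each word is picked at random from a 2,048-word list (11 bits per word, the model in the xkcd cartoon linked above), which reproduces the roughly 100-day figure at 1,000 guesses/second. The function names, the sample word list and the faster offline guess rate are assumptions made for illustration.

```python
import math
import secrets

SECONDS_PER_DAY = 86_400
ONLINE_RATE = 1_000    # guesses/second, the rate used in the article
OFFLINE_RATE = 1e10    # assumed rate against a stolen password-hash database
PATTERN_BITS = 28      # xkcd 936's estimate for a word-plus-substitutions password

def passphrase_bits(wordlist_size, words):
    """Bits of entropy when each word is drawn uniformly at random from the list."""
    return words * math.log2(wordlist_size)

def days_to_exhaust(bits, guesses_per_second):
    """Days to try every candidate; an average hit takes half as long."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_DAY

def words_needed(wordlist_size, target_days, guesses_per_second):
    """Smallest word count whose full search lasts at least target_days."""
    target_guesses = target_days * SECONDS_PER_DAY * guesses_per_second
    count = 1
    while wordlist_size ** count < target_guesses:
        count += 1
    return count

def generate_passphrase(wordlist, words=3):
    """Pick words with the OS random source; human-chosen phrases are weaker."""
    unique = sorted(set(wordlist))
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    return " ".join(secrets.choice(unique) for _ in range(words))

if __name__ == "__main__":
    # Constructed sample list; a real list would hold about 2,048 words.
    sample = ["studebaker", "library", "square", "harbor", "pickle", "violet"]
    print("sample phrase:", generate_passphrase(sample))
    candidates = {
        "typical 'complex' password": PATTERN_BITS,
        "3 words from 2,048": passphrase_bits(2048, 3),
        "4 words from 2,048": passphrase_bits(2048, 4),
    }
    for label, bits in candidates.items():
        print(f"{label}: {bits:.0f} bits, "
              f"{days_to_exhaust(bits, ONLINE_RATE):,.1f} days at the article's rate, "
              f"{days_to_exhaust(bits, OFFLINE_RATE) * SECONDS_PER_DAY:,.2f} s offline")
    print("words for 100 years offline:", words_needed(2048, 36_500, OFFLINE_RATE))
```

At the assumed offline rate the three-word search finishes in under a second, which is the case for adding words and for using a different phrase on every site.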
With hacking activity increasing worldwide, it has never been more important for you to take control of your own internet safety. Identity theft is only one of many reasons you should be concerned. With nefarious hackers attacking from across the globe, your computer could be used for anything from sending junk mail to attacking military computer systems. Take the time today to review your security. Check your software and change some or all of your internet passwords.
Bill Read is married to the former Jane Heyward, daughter of the late Ike Heyward (and wife Jerre) who spent many of his growing up years in Edgefield. Ed. Note