How Secure Are Your Online Passwords? Avoid These Common Choices

How much thought do you put into your online security? These days there are so many different networks and services to sign up to and be a part of, it gets to the point where remembering all of the various login credentials can be a particularly arduous task. It’s not surprising therefore that we often either reuse the same login information for different online accounts or create incredibly simple passwords.

This can make it easier to remember how to log in to Facebook or speed things up when ordering something from Amazon, but if you’re using the same key for lots of different locks, think of the potential damage that could occur if that key were to fall into the wrong hands. It seems that rarely a week goes by without news of another dataset being breached by hackers who steal the login information of countless users for an online service. Just last week over 450,000 Yahoo Voices users had their email addresses and passwords posted online.

While there is little that individual users can do to prevent such attacks, a blog post published today revealed the shocking simplicity of password choice by a frightening proportion of web users. Strings of consecutive numbers or letters are commonplace, as is the practice of combining consecutive numbers with the name of the service the password grants access to.

These passwords are often used to log in to a number of different networks, so if, for example, a hacker were to discover the password for your web-based email account, they would feasibly be able to rifle through the content of many other online services that you use.

Many websites tell you how strong your password is when you are creating or editing account information, so you’d be well advised to heed that feedback and come up with something containing upper and lower case letters, as well as numbers.
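A strength check can look for exactly the habits described above: runs of consecutive characters, the service's own name, and missing character classes. The following is an added example, not code from the blog post it refers to; the word list, the run length of four and the function names are assumptions made for illustration.

```python
# Constructed sample list; a real meter would load a large breach-derived list.
COMMON = {"password", "welcome", "letmein", "qwerty", "abc123", "iloveyou"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def longest_run(pw):
    """Length of the longest ascending or descending run, e.g. '1234' or 'dcba'."""
    s = pw.lower()
    best = cur = 1 if s else 0
    step = 0
    for a, b in zip(s, s[1:]):
        d = ord(b) - ord(a)
        if d in (1, -1) and a.isalnum() and b.isalnum():
            cur = cur + 1 if d == step else 2   # extend the run or start a new one
            step = d
        else:
            cur, step = 1, 0
        best = max(best, cur)
    return best


def weaknesses(pw, service=""):
    """Return the reasons a password matches the patterns described in the text."""
    found = []
    low = pw.lower()
    if low in COMMON:
        found.append("common")
    if longest_run(pw) >= 4:                    # assumed threshold: '1234', 'abcd'
        found.append("sequence")
    if any(row[i:i + 4] in low for row in KEYBOARD_ROWS for i in range(len(row) - 3)):
        found.append("keyboard-walk")
    if service and service.lower() in low:      # e.g. 'yahoo1234' on Yahoo
        found.append("service-name")
    has_all = (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
               and any(c.isdigit() for c in pw))
    if not has_all:                             # upper, lower and digit, per the text
        found.append("missing-class")
    return found
```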

Of course, trying to remember lots of different passwords and variations of memorable information is very hard indeed – I’ve lost count of the number of times I’ve clicked ‘Forgotten Password?’ while trying to log in to some service or another. However, if you are going to use the same password across many different sites, make sure it’s a strong password that is seemingly obscure to anyone else, but is something that only you would be able to remember or understand.

Unfortunately there are people out there who will attempt to fraudulently gain access to our accounts for malevolent purposes – the best we can do as individuals is to make it as hard as possible for them to crack our passwords.

Yahoo Breach Extends To Gmail, Hotmail And AOL – How To Check Your Account

Following on from yesterday’s news that the email addresses and passwords of 450,000 Yahoo Voices users were hacked, it has emerged that the breach extends beyond Yahoo and into the realms of Gmail, Hotmail and AOL.

The hacking group D33D Company used what is known as an SQL injection, an attack that exploits a software vulnerability, to obtain the personal data from Yahoo. Researchers at the security company Rapid7 found that among the stolen data were 106,000 Gmail email addresses, 55,000 Hotmail email addresses and 25,000 AOL email addresses.

A spokesman for Yahoo has said that the compromised accounts belonged to Yahoo’s Contributor Network, and at this point less than 5% of the passwords posted by D33Ds are still valid. Similar swift action was taken by Google, with a company spokesman saying that Google immediately reset passwords for vulnerable Gmail accounts. Those email accounts were not hacked; instead people had used their email addresses as user names for a Yahoo service.

If you’re concerned that any of your accounts may have been compromised, Sucuri, a company that checks for malware, has set up a site that allows users to check if their account details were obtained in the breach. You can check yours here:

labs.sucuri.net/?yahooleak

The motives behind the attack were explained by D33Ds, with a note attached to the stolen data (which has since been taken offline): “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”

Even so, security experts have been quick to criticise Yahoo for allowing hackers to access its systems with such apparent ease. Mark Bower, a vice president at Voltage Security, said: “Why haven’t organizations like Yahoo got it yet? SQL injection is a known attack. If what is stated is true, it’s utter negligence to store passwords in the clear.”
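The two failures named above, injectable queries and clear-text password storage, each have a standard fix. This is an added example, not Yahoo's code or anything from the original post: the table layout, the function names and the choice of PBKDF2 as the password hash are assumptions, and the accounts are constructed.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def hash_pw(password, salt):
    # Slow, salted hash: a stolen table does not reveal the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def register(db, email, password):
    salt = os.urandom(16)                      # unique per user
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (email, salt, hash_pw(password, salt)))


def verify(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], hash_pw(password, row[0]))


def find_user_vulnerable(db, email):
    # BEFORE: input is spliced into the SQL text, so it can rewrite the query.
    return db.execute(f"SELECT email FROM users WHERE email = '{email}'").fetchall()


def find_user(db, email):
    # AFTER: the value is bound as a parameter and only ever compared as data.
    return db.execute("SELECT email FROM users WHERE email = ?", (email,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    register(db, "a@example.com", "correct horse")   # constructed accounts
    register(db, "b@example.com", "another one")
    crafted = "x' OR '1'='1"
    print(len(find_user_vulnerable(db, crafted)), "rows from the spliced query")
    print(len(find_user(db, crafted)), "rows from the parameterised query")
```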

As with any hack of this nature, the best advice we can give you is to change your passwords for any of the potentially affected accounts, and also for any other accounts that you may use the same passwords for.

US Government Denies Megaupload User Access To His Own Files

The case of the collateral damage brought about by January’s closure of file-sharing site Megaupload has deteriorated further for users who still cannot access their own private files.

Kyle Goodwin, an Ohio videographer who runs a business recording high school sporting events, has been told by the US Department of Justice that he has no right to demand his files back from the US government. Despite the fact he was supported by the Electronic Frontier Foundation and that the Motion Picture Association of America (one of the bodies represented by the prosecution against Megaupload) had no problem with him having his files returned to him, the US DOJ won’t budge.

The reasoning behind this decision is quite long-winded and has to do with the manner in which data was seized and the relevant warrants that were executed, so for the purposes of this blog we won’t delve into the specifics. If you’d like to know more about the legal issues surrounding this, Ars Technica goes into more depth.

The point I’m trying to make is that whenever you entrust any third party to hold on to your files, you are potentially at the mercy of how they operate in relation to the law(s). If anything untoward is suspected of happening with that company, then you may suddenly find that you are separated from your own data with no indication of when you may be reunited with it.

If you are trying to run a business and important documents are out of reach, then this can pose some very serious problems. This situation has arisen from a legal issue – there are other ways you can lose your data that are completely out of your hands, such as hacking or server malfunctions.

If you need to make files available from a number of locations and to a number of people, then there is a safer and more secure way of doing this. DADapp has a user to user sharing system that allows for the easy private sharing of files, music, videos and photos – without the need for cloud hosting.

It’s more private than Facebook, easier than Windows networking and more flexible than Dropbox. If you’d like to share with your own world and not the whole world, then download DADapp and create your own private social network today.

How To Guarantee Uniformity In A Workforce Using Different Devices

An article on the BBC site earlier this week discussing the concept of BYOD (Bring Your Own Device) raised some interesting issues that companies may face if they decide to give employees free rein over how they go about their work.

The trade-off appears to be between having each of their employees using their own individually preferred system that will maximise their ability and effectiveness when it comes to getting work done, or having uniformity and security across the board. This can concern anything from how employees and management communicate within the business, to how confidential documents and files are distributed on both an inter- and intra-company level.

Trying to pair lots of different devices running different operating systems onto an internal network can be somewhat of a headache, and if you have half the workforce using PCs, and the other half using Macs, there are bound to be issues. Even trying to transfer data PC/PC and Mac/Mac has its occasional problems.

Work files mean large sets of data, often with very large file sizes that can slow down and even temporarily halt email systems. There is the option to use sophisticated collaboration systems, but these have a training and cost burden that many companies would rather avoid, especially if just using the system for exchanging files.

DADapp is an alternative that works across both PC and Mac operating systems, allowing individuals and groups to exchange messages, files and data privately, securely and quickly without limits. The User 2 User sharing system developed for DADapp means that company files do not need to be stored in or shared through the cloud, which is more often than not operated by a third party – something that businesses are often concerned about if sensitive or confidential data is being exchanged.

Discover New Films Based On Your Musical Tastes

This morning I came across a new service on Mashable’s The Spark of Genius Series that I just had to share as, to me at least, it is so damn cool. In a nutshell, MyZeus looks at your friends, the music you like and the world around you to help you discover movies in brand new ways. Music is a big part of my life, both as a musician and as a listener, and I always get a little too excited when I hear a song from a favourite band or artist in a film that I’m watching.

Soundtracks to films and TV programmes have always been a good conduit for up and coming artists to gain exposure and reach a large audience with relative ease. It’s a great way for the casual viewer to discover new bands without feeling like it’s being thrust in their face. So what MyZeus have effectively done is to flip this idea on its head. By connecting their Last.fm and Rdio accounts to MyZeus, the early release of the product will give users film recommendations based upon their listening habits.

One of the things I find most enjoyable about music is the association – where you first heard a song, who you were with, what the occasion was etc. Hearing a song or artist you like in a film evokes a similar response, as you associate the plot or mood of the film with that song, and this is what co-founder Patrick Algrim wants to achieve: “If you say you like Dave Matthews Band, and this movie has Dave Matthews Band in it, and you discovered it through MyZeus, throughout the whole movie you’re actually listening for that Dave Matthews song,” Algrim says. “It becomes a lot of fun.”

Purely by happenstance I discovered a brilliant film because someone else had seen it and asked me if I’d heard the music at the end that was a cover of a song by The Who, performed by Pearl Jam, of whom I am a huge fan. The next night I rented the movie and thoroughly enjoyed it. If these sort of recommendations can be sent my way more frequently I’d be a very happy man – MyZeus is certainly one to keep an eye on.

Added bonus!  – Andrew Robertson’s recommendation: Reign Over Me (2007) – Trailer

Can You Ever Delete Something From Facebook?

When you delete a picture on Facebook, is it really gone? This is a problem widely faced by those of us who were on the social network whilst still in our youthful partying days, where embarrassing or inappropriate images of us would have been posted and tagged by our friends or even ourselves. But perhaps you’re now trying to forge a career path, and pictures of you dressed up in drag or passed out with rude words written across your forehead in permanent marker aren’t the best things to have come up on the results page when a potential employer Googles your name.

Of course, you can always just click the ‘delete’ button on Facebook and bingo, the offending image is no longer on your profile page. However, that doesn’t mean that the image has been erased from all sources. An old article I read on LifeHacker today tells of how a photo that a lady ‘deleted’ in May 2009 was still on Facebook’s servers in October 2010. Whilst the social network removed the links to the picture straight away, the actual image file remained, meaning that anyone who had or could obtain a URL to the image could still get it from Facebook.

After being told in 2009 that the image would be removed in “a reasonable period” and that others would not be able to view it, she questioned them further. The response wasn’t particularly reassuring:

“For all practical purposes, the photo no longer exists, and we wouldn’t be able to find it if we were asked or even compelled to do so,” Facebook spokesperson Simon Axten told Ars via e-mail in October 2010. “This is similar to what happens when you delete information from the hard drive of your computer.”

Not quite. Your hard drive isn’t indexed by search engines such as Google, scraped and archived by hackers or cached in web browsers. The bottom line? If you’re not sure about the picture, don’t put it where the world can see it – after all, once it’s out there it’s very hard to take it back.

How To Enable Secure Browsing on Facebook and Twitter

With an increasing number of users and time spent on the sites, Facebook and Twitter can be an absolute gold mine for would-be data thieves and hackers. But thankfully the engineers over at these two online social Goliaths have given us the wherewithal to make sure our entire session is secure – not just the login. Secure browsing for an account ensures that data cannot be monitored by other users of the network or the ISP – particularly useful when on public computers or using a shared network at your local coffee shop for example.

Another clever new feature on Facebook allows you to be sent an email alert when a new computer or mobile device logs into your account, so if someone does get hold of your password or gains access to your account from elsewhere, you at least have a heads up and can change your password sooner rather than later.

Enabling https (secure browsing) on Facebook and Twitter is very simple, and here’s how you go about doing it:

Facebook:

  1. From the homepage, click on ‘Account’ > ‘Account Settings’
  2. From the list, find ‘Account security’ and click ‘change’
  3. You can then enable ‘Secure browsing (https)’ and the email alerts for when an as yet unidentified device logs in to your account.
  4. Click ‘Save’ and your account is just that little bit more secure

Twitter:

  1. Click on your user name in the top right-hand corner, and from the drop down menu click on ‘Settings’
  2. Under ‘Account Settings’, scroll down to the bottom and where it says ‘HTTPS Only’, tick the box next to ‘Always use HTTPS’.
  3. Now click ‘Save’.

When you now look at the address bar at the top of your browser, you should see the green padlock indicating that you are in secure territory. As these social networks continue to expand and evolve, it’s inevitable that cracks will appear that allow those of a less morally sound mindset to sneak through. However, it’s reassuring to know that the designers of these sites are aware of this and are making available a means for the more safety conscious of us to double-lock the door behind us.
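The difference between securing only the login and securing the entire session shows up in the response headers a site sends. This is an added example, not code from either site: the host name, cookie values and function name are hypothetical, and both responses are constructed rather than captured traffic.

```python
# Constructed responses for a hypothetical site, as (url, [(header, value), ...]).
LOGIN_ONLY = ("https://social.example/login", [
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
])
FULL_SESSION = ("https://social.example/login", [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
])


def audit(url, headers):
    """Return findings that mean traffic after login can still travel unencrypted."""
    findings = []
    if not url.lower().startswith("https://"):
        findings.append("response served over plain HTTP")
    # HSTS tells the browser to use HTTPS for every later request to this host.
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("no HSTS: browser may still make plain-HTTP requests to this host")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, *attrs = [part.strip() for part in value.split(";")]
        flags = {a.split("=", 1)[0].lower() for a in attrs}
        # Without Secure, the session cookie rides along on any plain-HTTP request,
        # where other users of a shared network can read it.
        if "secure" not in flags:
            findings.append(
                f"cookie {cookie.split('=', 1)[0]} lacks Secure: sent on plain-HTTP requests")
    return findings


if __name__ == "__main__":
    for label, sample in (("login only", LOGIN_ONLY), ("full session", FULL_SESSION)):
        print(label, "->", audit(*sample) or "no findings")
```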