
online security

Original author: 
Jon Brodkin

Aurich Lawson / Thinkstock

It's time to ask yourself an uncomfortable question: how many of your passwords are so absurdly weak that they might as well provide no security at all? Those of you using "123456," "abc123," or even just "password" might already know it's time to make some changes. And using pets' names, birth dates, your favorite sports teams, or adding a number or capital letter to a weak password isn't going to be enough.

Don’t worry, we're here to help. We’re going to focus on how to use a password manager, software that can help you go from passwords like "111111" to "6WKBTSkQq8Zn4PtAjmz7" without making you want to pull out all your hair. For good measure, we'll talk about how creating fictitious answers to password reset questions (e.g. mother's maiden name) can make you even more resistant to hacking.

Why you can’t just wing it anymore

A password manager helps you create long, complicated passwords for websites and integrates into your browser, automatically filling in your usernames and passwords. Instead of typing a different password into each site you visit, you only have to remember one master password.


Aurich Lawson / Thinkstock

Encryption, the transformation of data into a form that prevents anyone unauthorized from understanding that data, is a fundamental technology that enables online commerce, secure communication, and the protection of confidential information.

Encryption algorithms are the mathematical formulae for performing these transformations. You provide an encryption algorithm with a key and the data you want to protect (the plaintext), and it produces an encrypted output (the ciphertext). To read the output, you need to feed the key and the ciphertext into a decryption algorithm (sometimes these are identical to encryption algorithms; other times they are closely related but different).

Encryption algorithms are designed so that performing the decryption process is unfeasibly hard without knowing the key.


Aurich Lawson

In the 1990s, client-server was king. The processing power of PCs and the increasing speed of networks led to more and more desktop applications, often plugging into backend middleware and corporate data sources. But those applications, and the PCs they ran on, were vulnerable to viruses and other attacks. When applications were poorly designed, they could leave sensitive data exposed.

Today, the mobile app is king. The processing power of smartphones and mobile devices based on Android, iOS, and other mobile operating systems, combined with the speed of broadband cellular networks, has led to more mobile applications with an old-school plan: plug into backend middleware and corporate data sources.

But these apps and the devices they run on are vulnerable… well, you get the picture. It's déjà vu with one major difference: while most client-server applications ran within the confines of a LAN or corporate WAN, mobile apps are running outside of the confines of corporate networks and are accessing services across the public Internet. That makes mobile applications potentially huge security vulnerabilities—especially if they aren't architected properly and configured with proper security and access controls.


Aurich Lawson

Some say we're living in a "post-PC" world, but malware on PCs is still a major problem for home computer users and businesses.

The examples are everywhere: In November, we reported that malware was used to steal information about one of Japan's newest rockets and upload it to computers controlled by hackers. Critical systems at two US power plants were recently found infected with malware spread by USB drives. Malware known as "Dexter" stole credit card data from point-of-sale terminals at businesses. And espionage-motivated computer threats are getting more sophisticated and versatile all the time.

In this second installment in the Ars Guide to Online Security, we'll cover the basics for those who may not be familiar with the different types of malware that can affect computers. Malware comes in a variety of types, including viruses, worms, and Trojans.


Aurich Lawson

My family has been on the Internet since 1998 or so, but I didn't really think much about Internet security at first. Oh sure, I made sure our eMachines desktop (and its 433MHz Celeron CPU) was always running the latest Internet Explorer version and I tried not to use the same password for everything. But I didn't give much thought to where my Web traffic was going or what path it took from our computer to the Web server and back. I was dimly aware that e-mail, as one of my teachers put it, was in those days "about as private as sticking your head out the window and yelling." And I didn't do much with that knowledge.

That sort of attitude was dangerous then, and the increasing sophistication of readily available hacking tools makes it even more dangerous now. Luckily, the state of Internet security has also gotten better—in this article, the first in a five-part series covering online security, we're going to talk a bit about keeping yourself (and your business) safe on the Web. Even if you know what lurks in the dark corners of the Internet, chances are someone you know doesn't. So consider this guide and its follow-ups as a handy crash course for those unschooled in the nuances of online security. Security aficionados should check out later entries in the series for more advanced information.

We'll begin today with some basic information about encryption on the Internet and how to use it to safeguard your personal information as you use the Web, before moving on to malware, mobile app security, and other topics in future entries. 



Last week, Leon Panetta stoked some fears and drew bloggy jeers when he warned of an incoming “cyber Pearl Harbor.” The gloomy song and dance, which we’ve heard played out so many a time now, made a chorus of hackers’ alleged ability to disrupt transit lines and shut down the power grid. As Motherboard’s Mr. Estes pointed out, the faux-somber debacle was mostly designed to scare folks into supporting the Obama administration’s drive for internet security legislation.

And it might work. After all, we’re innately terrified of a world without electricity at this point; so much so that we’ve created an entire subgenre of fiction, the unplugged dystopia, to imagine its terrors. There’s been a steady drumbeat of forceful warnings of cyber attacks that could “cripple” the US grid: from Obama himself, from the NSA general who said over the summer that the probability of a crisis is mounting, and from the military, who says that Anonymous, the hacker group, would soon be capable of shutting down the entire U.S. electrical grid.



Patrick Gray of the Risky Business security podcast wrote a funny rant about why many who work in computer security are secretly chuckling at the antics of hacker/cracker/prankster entity Lulzsec.

"They're posting proprietary developer code. They're bringing back Tupac and Biggie. They're advising Nintendo on more secure httpd configurations. And they're issuing funny press releases via Twitter and Pastebin," Patrick writes.

But more to the point, professional consultants have been trying to teach the I.T. world these fundamental lessons about security for ages—now, thanks to LulzSec, the world is finally listening.

It might be surprising to external observers, but security professionals are also secretly getting a kick out of watching these guys go nuts.

I wrote my first article on information security around May 2001. It was about the Sadmind worm and it ran on the letters page of the IT section of The Age newspaper in Melbourne.

"Geez," I thought to myself. "If awareness isn't raised about the unsuitability of these computamajiggies for srs bizness, we could encounter some problems down the track."

So for the last ten years I've been working in media, trying to raise awareness of the idea that maybe, just maybe, using insecure computers to hold your secrets, conduct your commerce and run your infrastructure is a shitty idea.

No one who mattered listened. Executives think it's FUD. They honestly think that if they keep paying their annual AV subscriptions they'll be shielded by Mr. Norton's magic cloak.

Security types like LulzSec because they're proving what a mess we're in. They're pointing at the elephant in the room and saying "LOOK AT THE GIGANTIC FUCKING ELEPHANT IN THE ROOM ZOMG WHY CAN'T YOU SEE IT??? ITS TRUNK IS IN YR COFFEE FFS!!!"

There is no security, there will be no security. The horse has bolted, and it's not going to be the infrastructure that's going to change, it's going to be us.

"Why we secretly love LulzSec: Elephant in room visible. Cans open. Worms everywhere." (risky.biz)

 
