Robert Siciliano Identity Theft Expert
Recently Microsoft, Yahoo, Google, Comcast and Earthlink announced thousands of email addresses and their passwords were phished by identity thieves and posted in an online forum. One report suggests the emails phished could be up to a million victims.
Researchers parsed the hacked passwords and broke them down into categories based on their level of security. For example some of the passwords were very weak “111111” “123456” “1234567” “12345678” “123456789” made the top list. Many of the stolen passwords were people’s first names which of course could be kids, spouse etc. Obviously anyone who uses an insecure password like this is more likely to get hacked due to their laziness and less than sophisticated approach to security. 60% of the passwords contained either all numbers or all lowercase letters.
Always use a combination of upper case and lower case, numbers and characters that don’t actually spell anything. Use the first letters of phrases and plug a number in there with a character “Monday is the 1st day of the week!” is Mit1dotw! Research in the data breach showed 6% of the passwords reflected this strong style.
There is however buzz in the IT security world that the data may have been leaked via a botnet. A botnet is a robot network of computers connected to the internet that all share a common technology, a virus/spyware that allows a criminal hacker to remotely access and control the machine. A botnet can be 10 PCs, 10,000 PC or many more. The infamous “conficker” is a botnet. Once a PC is infected the criminal hackers can use the botnet to commit crimes, store data and of course siphon data from the machines.
However while many of the passwords were weak, there were many passwords that were very strong. The argument is that based on the strength of many of the passwords it is unlikely that they were phished, and more likely hacked.
Regardless of the method of attack there are many things a computer user can do to prevent phishing and being part of a botnet.
- When you receive any email from any “trusted source” asking you to login for ANY reason do not click links in the body of the email. Instead manually type the address or go to your favorites.
- Use the most recent version of a web browser that has a built in phish filter. Phish filters warn you against clicking links on unauthorized websites.
- Invest in anti-virus protection and make sure you have it set to automatically update your virus definitions. There are potentially thousands of new viruses every day. Going a week without anti-virus can make you vulnerable to attack.
- Invest in Intelius Identity Protection and Prevention. Because when all else fails, its great knowing someone is watching your back.
Robert Siciliano Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox Boston
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.
- Please Hack Me. My Password is 123456
Robert Siciliano Identity Theft Expert Is this you? Are you a hacker’s delight? Are you a lazy lima bean begging to be hacked? Recently, there were 32 million passwords stolen last month from a social media site. Upon observation, researchers determined 1 percent of the 32 million people it studied had used “123456” as a password.
- Up to 1 Million email Accounts Phished for Identity Theft
Robert Siciliano Identity Theft Expert Hotmail, Earthlink, Google, Yahoo, Comcast and other web-based email users have been giving up al their login details to phishers and current estimates are as many as 1 million accounts may have been compromised. News of the scam broke when technology blog neowin.net reported an anonymous user had published confidential details on pastebin.com.
- 6 Ways to Secure Your Email Account
On August 30th, 1982, a copyright for a Computer Program for Electronic Mail System was issued to Shiva Ayvadurai. Thus, email was born. 32 years later, email has become an essential part of our lives. Emails are a must-have item, allowing us to connect and share information with friends, teachers, and co-workers. To celebrate email’s birthday, here
- Biggest Botnet Goes Bust
Robert Siciliano Identity Theft Expert News of the Spain based Mariposa botnet reveals close to 13 million Zombie PCs in more than 190 countries affected. Further investigation determined half of the Fortune 1000 companies had PCs on the Bot. Three men have been arrested and a 4th is sought. The sole purpose of the Bot was
- Targeted Injection Attacks on the Rise
Robert Siciliano Identity Theft Expert In the latter half of 2009, criminal hackers went from mass SQL injection campaigns to targeted attacks. SQL is abbreviation of Structured Query Language. Pronounced ”Ess Que El” or ”Sequel”. The attackers shift in strategy focused on targeting high-profile websites, concluded Websense’s State of Internet Security report for the third and fourth quarter of
Leave a Comment
You must be logged in to post a comment.