The loopholes in your online security measures

Everyone fears getting hacked, no one cares. I’m wrong on the second part: there are a few people who actually care and do implement “security features” to protect themselves from hackers. Literature abounds online on “how to avoid being hacked” and the like, offering practical methods to bar hackers from penetrating your online and bank accounts, or even accessing your home security system if you are one of the few with safes and password-locked gates and doors.

The numerous pieces of “how to” advice on cyber and online security range from ensuring that you have the strongest password possible to not using personal information like your birthday as answers to your security questions. Generally, the list of how to protect yourself online looks like this:

  • Ensure that you have a strong password with letters, numbers and symbols. E.g. instead of password, use p@$$w015.
  • Have different passwords for different accounts
  • Use password managers for the many passwords
  • Ensure to log out from public accounts
  • Always use a two step authentication system whenever available
  • Clear your cache and cookies every now and then

Other security measures you need to take include

  • Do not use unknown plug and play devices (SD cards, external hard disks, Flash drives etc)
  • If you have home Wi-Fi do not give it a name that can be traced back to you e.g. your name, your home address, your spouse’s name etc etc
  • Make sure you trust anything you have to download online especially from emails
  • Don’t click links anyhow especially those sent to you via emails or private message centers in social media
  • Don’t keep sensitive information on your computer/tablet/smartphone etc
  • Don’t be a journalist or be married to one

There are quite a number of loopholes that I have gathered from users’ comments on the web, and here are a few interesting ones:

1. Using personal information to answer security questions

Recommendations out there say that you should not share on social media personal information, like birthdays, that you have probably used as an answer to a security question.

Listen, “please stop using things like date of birth, high school name, year you were married, etc for security questions. These things aren’t private and we should stop pretending they are. Even if you don’t list your birthday on Facebook, someone who knows will wish you a happy one on the day anyway. So my advice is to not worry so much about sharing personal things on Facebook. Worry more about keeping track of what services you use that are high risk, what email address they are registered to, and whether or not you have enabled every available security feature… Especially for your email. There are plenty of good ways to encrypt your passwords so you can have strong unique passwords for everything.” by Sean St 

2. Use unique passwords

Don’t use pet names, grandmother names or words like mypassword as a password. Use a complex combination of letters, numbers and symbols that will be hard to guess, e.g. *1465*prevent/theft\2013. After choosing such a difficult-to-remember password, don’t use it for every account: each of your online accounts must have a different, unique password that is hard to remember. Believe you me, you won’t do this unless you save your passwords in one place, e.g. an email message that contains them or, better still, a password manager like the one available here. The paradox is that you need a password for the password manager, too.

Listen, “Length is more important than complexity. Remember: any password is crackable, you just want it to take as long as possible:” by Life Hacker.

That is, don’t think those symbols, uppercase/lowercase combos and hashes do anything to protect you from a hacker. Just use a long password like this: thisismyveryverylongpassword.
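To put numbers on the length-versus-complexity point, here is an added example (not from the quoted sources) that estimates the exhaustive-search space for the three passwords used in this article and checks whether a password is just a common word with symbols swapped in. The word list and the substitution table are small constructed stand-ins, and all function names are assumptions.

```python
import math
import string
from difflib import get_close_matches

# Constructed stand-in for a real common-password list (assumption).
COMMON_WORDS = ["password", "welcome", "letmein", "qwerty"]

# Symbol-for-letter swaps that word-list based guessing routinely undoes.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                      "3": "e", "5": "s", "!": "i"})

def charset_size(pw):
    """Alphabet size an exhaustive character-by-character search must cover."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))

def brute_force_bits(pw):
    """log2 of the search space: length * log2(alphabet size)."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def leet_variant_of(pw):
    """Return the common word this password resembles once swaps are undone."""
    normalized = pw.lower().translate(LEET)
    match = get_close_matches(normalized, COMMON_WORDS, n=1, cutoff=0.7)
    return match[0] if match else None

def assess(pw):
    return {"length": len(pw),
            "bits": round(brute_force_bits(pw), 1),
            "resembles": leet_variant_of(pw)}

if __name__ == "__main__":
    # The three passwords used as illustrations in the article.
    for pw in ["p@$$w015", r"*1465*prevent/theft\2013",
               "thisismyveryverylongpassword"]:
        print(pw, assess(pw))
```

The bit counts are upper bounds for exhaustive search only; guessing driven by word lists does not proceed character by character, which is why the `resembles` field matters.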

3. Use of password manager

I have mentioned one downside to this but,

Listen, “Do not use password applications to store your passwords… do not store your precious data to an online data backup service… you will give anyone who is an employee of the company and has administrative rights to your stored online data ACCESS to your life.”

His solution? “I use Linux with lots of security and encryption, and I memorize all my 20 passwords consisting of 15+ upper/lower case characters, numbers and special characters. Along with an algorithm.” by Fname Lname.

4. As long as you are online, a determined hacker will ultimately get you

There are a number of trap websites and a number of “genuine” emails that have trojan horses attached (e.g. your friend’s email account could have been hacked, and from it a really genuine-looking email, based on previous conversations, sent to you with an attachment), or the hacker has this super fast computer that can decrypt 128-bit encryption in less than 24 hours, etc.

Listen, “If somebody wants to hack you badly enough, they can find a way to do it, so long as you allow them. You can give out information, not use any log-in, or do some other garbage. It doesn’t matter. You could go to web sites that are honey traps, can open contaminated e-mails, open Word documents that have metadata hiding malware. I don’t care if your passwords are 20 characters and mostly those used in punctuation; if you get keystroke capture malware on your computer, these passwords are as good as ‘Welcome Home & Enjoy!’ Do you have children or subordinates using your computer? Are they playing games or looking at scantily-dressed models’ pictures or reading the latest bulletin on Lady Ga-Ga’s sudden demise (well, not really, but that’s what the message says). Sharing computers = contamination of your machine.
A computer should be treated like your undies. Do you really want anybody else using it?” Mark Kropf.

Finally, there is this guy called Adam Penenberg who hired Nicholas Percoco, senior vice president of SpiderLabs, the advanced research and ethical hacking team at Trustwave, to perform a personal “pen-test,” industry-speak for “penetration test,” on him. Nicholas was more than successful, and Adam learnt whatever lesson he wanted to learn about online vulnerability.

Forbes, which Adam once worked for, decided to give us some 8-point advice on how to prevent being hacked the way Adam was hacked. The last point on Forbes’ list reads:

A number 8 via security technologist Chris Soghoian: “The main lesson in [Adam’s article] appears to be don’t marry/date a journalist. His wife was the biggest victim.” She didn’t find out hackers were targeting the family until they’d already succeeded. “Promise me you’ll never do anything like this again,” she told Penenberg when she found out.

Enjoy a hack free day.


Comments

  • Security is not absolute it is relative… you will be hacked anyway… solution: unplug that cable, use a live CD on a computer with no hard drive… avoid any storage: local, online (cloud), offline… do not save anything!!!

    Adolphus Lwova October 30, 2013 15:09