Comments
8 Ways To Avoid Getting Your Life Hacked
TS_Time,
User Rank: Apprentice
8/21/2012 | 1:18:49 PM
re: 8 Ways To Avoid Getting Your Life Hacked
This is kind of a sad story, but I hope it serves as a kick in the pants that some companies and individuals need to kick this complacent attitude about authentication and passwords. But the sad fact is there are millions of people just like him who are not taking advantage of this awesome functionality that is being offered to them by several sites. Two-Factor Authentication has jumped into the mainstream over the last few months. Although it's been around for a while, it is good to see some of the big companies like Google promoting this option. 2-Factor Authentication for email wins every day. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering me enough protection. I know some will claim this makes things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.
Eric_Brown,
User Rank: Apprentice
8/15/2012 | 2:57:05 PM
re: 8 Ways To Avoid Getting Your Life Hacked
Thanks for the article. This is a sad fact of the 20th century that we live in. We all need to be more proactive about our personal account security. I agree with you on point 5, 2FA is a must. While he can blame both of the big guys (A+A) who failed him, he still needs to blame himself for failing himself. 2FA was an option that was made available to him and he did not see the need or want to take the time to set it, so it is his own fault. And that would have limited the damage done. But the sad fact is there are millions of people just like him who are not taking advantage of this awesome functionality that is being offered to them by several sites. I really hope this serves as a wake-up call to companies and individuals alike, for the need to kick this complacent attitude about authentication and passwords. An article posted on telesign.com mentioned some good points about how we all need to be more proactive about our personal account security. Take a look: http://www.telesign.com/news-a...
AustinIT,
User Rank: Apprentice
8/9/2012 | 1:02:21 PM
re: 8 Ways To Avoid Getting Your Life Hacked
Mat is involved in the tech business yet he buys the "I trust Apple" mantra? He's using iCloud yet it appears he never backed up his data... even to that service? He has a registered Internet Domain name yet he fails to make his registration private using an available option that nearly every Registrar provides?

Fail on many accounts. And, huge FAIL on Amazon and Apple for not adhering to their security practices when it comes to authenticating user identity. Lastly, I wouldn't use Google's services if it were the last one on earth.
MarkSitkowski,
User Rank: Moderator
8/9/2012 | 5:29:12 AM
re: 8 Ways To Avoid Getting Your Life Hacked
I think I can help anyone with a web site to avoid getting hacked.
Our site was hit by an attack from a machine in Sweden at 4am this morning, which continued till 11am. The attacker launched 23,000 probes before the firewalls caught him and blocked him, whereupon he gave us a port scan of all 65535 ports, once ascending and once descending. Attacking machine name is h92n5-m-sp-gr1.ias.bredband.te..., IP address 195.252.46.92.

The good thing that came out of this, was that our logs contained details of every file that he tried to access, which I can now pass on.
I've extracted details of the first 10,000 of these probes into a file, to help other potential victims secure those areas.
Get it from www.designsim.com.au/hacker.tx..., or go to the intro.html page and follow the link
Andrew Hornback,
User Rank: Apprentice
8/9/2012 | 2:19:05 AM
re: 8 Ways To Avoid Getting Your Life Hacked
I really hate to say it, but welcome to the new reality.

I feel bad for Mat - losing control of those devices and accounts, much less losing the data on them, can make for a really, REALLY bad day.

Don't trust cloud providers? That's exactly why I've built my own infrastructure as part of my recording studio. File server, industrial strength firewall, backup procedures... all things that I've learned and mastered from roughly 20 years in the business.

The fake personal data thing, I've heard that before - but, you have to have a good memory when using things like that, otherwise a lost password that requires a reset turns into even more of an ordeal.

Backups? Yes, that's why I still run DDS-4, thank you. :) Sure, maybe I can't restore my music collection from halfway around the world (I'd like to try, if a plane ticket fell into my lap), but I know that my data is safe.

Account security is always a good thing to look at, consider, and reconsider. If you want to use randomly generated passwords and keep them all in a safe "electronic lockbox", there are a number of generators available on the Internet - even downloadable ones if you don't care to have your passwords transmitted via a web application.

Remote laptop wipe - I'm somewhat on the fence with this one. A lot of it depends on whether or not you are encrypting your hard drive (which I recommend). I like the idea of being able to nuke a device (laptop, tablet, mobile phone) remotely if it ever falls out of my possession.

I think the big take-away here, for everyone reading the article - don't just read, act on it. Learn from these events, lest it happen to you as well.

Andrew Hornback
InformationWeek Contributor

