This is copied from an article by Buffalo Bill Brabant...
"There has been a resurgence of hackers attacking webmail users and then using the stolen accounts to send ads and malware to the address books of the stolen account. This is at the least very embarrassing to those involved as one of the users of my Yard sale groups found out last week. After a post by a hacked AOL user they requested I remove the person's posting privileges. Instead I placed the user on moderation and explained what had happened.
As fate would have it, the complainer, who was also an AOL user, got hacked about a week later.
Anyhow because it is timely here is an article I wrote about a year ago on password strength which is your only defense against being hacked.
We probably have all seen at least one of these lately, an email from someone we know to about ten of their friends with no subject line or the name of the person as a subject. When you open the email you find a url to a website and if you click on it and you are lucky the worst you will get is a Viagra ad but it just as easy for them to rig the site with malware downloads like antivirus 2010.
This started out a few years back when people were hacking Yahoo mails to steal choice addresses and after their methods were posted on youtube, spammers started hacking hotmail email accounts last winter and then more recently AOL, and within the past week Yahoo accounts.
There has also been a revival of a scam from last year where a person hacks into your email and changes passwords so you cannot check your email. They then send emails out to everyone in your address book saying that you were on vacation out of the country and that you have lost or been robbed of everything except your passport and need thousands of dollars to get out of your predicament. If the person sends an email to inquire about the circumstances the hacker answers as you and has money wired to the foreign country where armed with a false ID he can claim the money from however many people care for you.
You can improve your odds against being hacked with a strong password, but it doesn't have to be hard to remember. Let's say for example your name is Dave Jones. You can strengthen security by using upper and lower case letters, so we will try DaVeJoNeS, which is a step up from davejones, which is rated weak by Microsoft.
With DaVeJoNeS it rises to medium security, which means that no one will accidentally guess your password even if they know you, but it would not stop a hacker, so let's go up one more step. We can add numbers and symbols from the top row of keys to help strengthen the password, so we add a number to our medium password, and Dave likes 7, so we get DaVe7JoNeS. Adding that one number puts our password in the strong category.
Now we will take Dave's password and add a few symbols, in this case an asterisk in front and one in back along with two ampersands, or &*DaVe7JoNeS*&, and our password becomes very strong and hard to crack.
Here is another place where you can check your passwords, but even with the Microsoft site I would send them a slightly altered password than what you intend to use, because it is always safer to trust no one.
Feel free to share this with your friends because if I can stop one person from being hacked I consider it well worth the time it took me to write it down."
Thanks Buffalo!
You can generate a random password, but it's difficult to remember things like >J^+B#8d.
You could follow Buffalo's method but make it even sneakier by starting with someone else's name - the politician you hate most, perhaps? A one-hit wonder pop-star from the 1980s?
See also: http://nakedsecurity.sophos.com/2010/12/15/the-top-50-passwords-you-should-never-use/
I posted this on another forum and got a very good suggestion back:
"Dictionary attacks" work through all the words in the dictionary, trying them out as passwords.
But they fail if your password is two or more unrelated words – like PurpleGoats or ThreeGreenCats.
Add a few letters and funnies – Thr33greeNcat$ – and you have a cracking password.
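To see why the post's case-and-symbol tricks and the comment's multi-word suggestion are not equally strong, here is an added example (not from the post or its commenters) that scores the walkthrough passwords two ways: the brute-force keyspace a typical strength meter reports, and a rough dictionary-attack estimate that undoes case mixing and leet substitutions first. The word list, the 50,000-word dictionary size and the 4-bit mangling cost are constructed assumptions.

```python
import math
import re

# Constructed samples: the post's own walkthrough passwords plus the random one it mentions.
SAMPLES = ["davejones", "DaVeJoNeS", "DaVe7JoNeS", "&*DaVe7JoNeS*&",
           "PurpleGoats", "Thr33greeNcat$", ">J^+B#8d"]
# Tiny constructed word list standing in for a cracker's dictionary.
WORDS = {"dave", "jones", "purple", "goats", "three", "green", "cats"}
DICT_SIZE = 50_000   # assumed word-list size for the estimate (not from the post)
MANGLE_BITS = 4      # assumed cost per word of case/leet rules (rough heuristic)
LEET = str.maketrans({"3": "e", "0": "o", "1": "i", "$": "s", "@": "a"})

def pool_size(pw):
    """Alphabet size a brute-force search would have to cover."""
    size = 0
    if re.search(r"[a-z]", pw): size += 26
    if re.search(r"[A-Z]", pw): size += 26
    if re.search(r"[0-9]", pw): size += 10
    if re.search(r"[^a-zA-Z0-9]", pw): size += 33
    return size

def brute_force_bits(pw):
    """log2 of the brute-force keyspace; what a strength meter usually reports."""
    return len(pw) * math.log2(pool_size(pw))

def segment(letters, words=WORDS):
    """Split a lowercase string into the fewest dictionary words, or None if it won't split."""
    best = [None] * (len(letters) + 1)
    best[0] = []
    for i in range(1, len(letters) + 1):
        for j in range(i):
            if best[j] is not None and letters[j:i] in words:
                cand = best[j] + [letters[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[-1] if letters else None

def dictionary_bits(pw):
    """Cost of a dictionary attack that undoes case and leet tricks; None if no word base."""
    undone = pw.lower().translate(LEET)
    words = segment(re.sub(r"[^a-z]", "", undone))
    if words is None:
        return None
    extras = sum(1 for c in undone if not c.isalpha())   # symbols/digits still to guess
    return len(words) * (math.log2(DICT_SIZE) + MANGLE_BITS) + extras * math.log2(43)

def effective_bits(pw):
    """The weaker of the two estimates is the one a defender should believe."""
    bf, d = brute_force_bits(pw), dictionary_bits(pw)
    return round(bf if d is None else min(bf, d), 1)

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:16} brute={brute_force_bits(pw):5.1f}  effective={effective_bits(pw):5.1f}")
```

Under these assumptions DaVeJoNeS scores no better than davejones once the case trick is undone, and the three-word Thr33greeNcat$ beats DaVe7JoNeS even though both look "strong" to a brute-force meter.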