By Tuan Nguyen
Posting in Technology
Some of the more sophisticated methods of identity theft involve the vulnerabilities inherent in the technologies we use to log in.
From Facebook to bank accounts, logging in has become somewhat a way of life for internet users. Consequently, so is the threat of identity theft.
Using a strong password is usually enough to beat back attempted break-ins, but hackers have become more and more sophisticated in their approach. Last week, my colleague Christie Nicholson outlined seven methods one hacker used to gain access to emails and other private accounts, some of which included exhaustive efforts such as mining clues from a person's blog, online legal records and information gleaned from search engines. And as if that wasn't creepy enough, Simson Garfunkel over at Technology Review recently discussed a few more tricks that involve the vulnerabilities inherent in the technologies we use to sign on.
Here's a summary:
- Malware that lurks inside your computer. Antivirus programs can detect and remove password-stealing viruses but some bugs can remain undetected for weeks or months after initially infecting the host.
- The giant loophole that is Windows XP. It wasn't until Microsoft released Windows 7 that the popular operating system was fortified with advanced security features. Not upgrading means you're that much more at risk.
- Public computers. There's no way of telling whether an internet cafe are free of viruses or keylogging programs. And many run on Windows XP.
- Open Wi-Fi that provides open access for crooks. Wireless access points that aren't encrypted means anyone using the same network can 'sniff' out your password information.
- Sneaky website re-directs known as man-in-the-middle-attacks. The deception in these kinds of attacks is where the hacker eavesdrops on users by inserting himself in between the communication channels without the users knowing. This method can even get around SSL encryption.
Terrifying right? So what's a hapless potential victim to do to avoid becoming a statistic? Currently, the best way to counter these opportunists is to have several barriers of defense.
Here are few suggestions that should be standard for anyone who has an email address:
- Install a good anti-virus program. For instance, Malware Bytes is a popular seek-and-destroy software.
- For PC users, Upgrade to Windows 7. The 64-bit version has the most security features.
- Change your settings to ensure the channel is encrypted when you log. A secure site should begin with https://
- Create an ultra-secure password that's also easy to remember. Check one of my previous posts to learn a clever way to do this.
The less-than-obvious tools:
- Use two-step verification. Some companies like Google offer users an addition layer of protection requiring account holders to enter a verification key sent to a cell phone. You can activate this by going to the Google help page.
- Backup authentication. Many companies also have additional screening options such as listing alternative e-mail addresses, cell phone numbers, and answering "secret questions."
- Turn on account alerts. Banking institutions have account features that allow you to be alerted via text or email whenever funds are being withdrawn or for other forms of account activity. And Facebook can also send you a SMS message whenever someone logs in with a different browser.
- Create backups. Email clients like Microsoft Outlook create offline copies of all your correspondence, which is helpful in the case when your account is compromised.
(via Technology Review)
Learn more about internet security on SmartPlanet:
- How phone hacking works (and other lessons from the News Corp. scandal)
- Dramatic video: hacker vs. computer
- Infographic: How Stuxnet supervirus works
- The 25 worst passwords of 2011
- Four easy-to-remember passwords that will protect you for life
Hacking in the News:
- New software may end internet censorship once and for all
- Virus attacks military drones, exposes vulnerabilities
- Anonymous hacktivists add Stuxnet code to their arsenal
Dec 18, 2011
You wrote "Open Wi-Fi that provides open access for crooks. Wireless access points that aren???t encrypted means anyone using the same network can ???sniff??? out your password information." Passwords are encoded via SSL/TLS before they are transmitted. If they are sniffed on an open network, the hacker will see only an undecipherable encoded block of data. The danger of open Wi-Fi networks is that if your computer security is inadequate (say, for example, that you "shared" your hard disk without password so you could transfer photographs to another computer at your home, and forgot to turn sharing off) the bad guy could read personal information from your computer.