Tuesday, 28 June 2016

Cover up

Covering up your camera and microphone

Are you as cautious as I am? The first thing I do when purchasing a new laptop is cover up the camera with a piece of cardboard or sticky tape. I have been writing about this practice for many years.

A photo posted on Tuesday by Facebook creator and CEO Mark Zuckerberg (above) showed his laptop computer in the background. You can clearly make out sticky tape placed over the camera. Mashable are also reporting that the image shows the microphone input covered up.

In this day and age you can never be too careful. Once a hacker has gained access to your computer, they can activate your audio and listen in to sounds around your computer, while also activating the camera to spy on you. 

As with anything in life, it's always best to play it safe. Cover up!

 

Passwords

Researchers may have discovered a way to create perfect passwords

We’re all aware of the importance of a strong password, although the strongest are almost impossible to remember. Researchers may have found a poetic way to tackle this problem.

The conundrum of perfect passwords is one we all have to manage each day. Websites will often ask you for a password of at least eight characters that contains a random selection of upper and lower case letters combined with numbers and the odd symbol, such as a dollar sign or ampersand. In theory, coming up with these passwords may be easy enough, but remembering them can almost make your head explode. In short, a strong password will be impossible to remember, but an easy-to-remember password may end up being quite weak or ‘hackable’.

However, researchers Marjan Ghazvininejad and Kevin Knight from the University of Southern California (USC) may have solved this dilemma, and have recently published a paper that advises people on how they may be able to create ‘uncrackable’, memorable passwords.

The USC researchers were inspired by a clever xkcd comic created by Randall Munroe, which showed how a phrase consisting of four random words could make the perfect password. The example given was "correct horse battery staple", and it’s believed to be more secure and more memorable than the combination of random letters, numbers and symbols recommended by most online security experts.

 

The theory behind the security of a random word phrase such as ‘correct horse battery staple’ is based on cryptography. According to Kevin Knight:

“The secret here is that those four random words are actually generated based on one very large random number. That random number is then broken up into segments, each of which corresponds with a word in the dictionary. It's basically a form of cryptography. To guess the full random number, a computer might have to test billions of billions of billions of possibilities before it hits on the right one.”

Randall Munroe proposed using this large number to pick four random words, but Ghazvininejad and Knight think that the most secure and memorable formula is to use four (or more) words to create a random word poem.

They do this by assigning every word in the dictionary a distinct code. They then use a computer program to generate a very long random number, which is broken into smaller pieces and then translated into two short phrases. The final phrase consists of two lines rhyming in iambic tetrameter. Confused? Here are some examples:

Australia juggernaut employed

the Daniel Lincoln asteroid

or

A peanut never classified

expected branches citywide

These passwords may sound simple, but Mr Knight estimates that it would take a modern-day computer around 5 million years to crack them. Pretty secure, huh?
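The number-to-words step described above can be sketched as follows. This is an added example, not the researchers' generator: it only picks plain words (no rhyme or iambic tetrameter), and the 16-word list and all function names are constructed for illustration.

```python
import secrets

# Constructed 16-word list for illustration only; a real generator would use
# a dictionary of thousands of words, so each word carries more bits.
WORDS = ["apple", "brick", "cloud", "delta", "eagle", "flint", "grape", "honey",
         "ivory", "jelly", "knock", "lemon", "maple", "noble", "ocean", "pearl"]


def bits_per_word(wordlist):
    """Bits of the random number consumed by one word (list size must be 2^k)."""
    size = len(wordlist)
    if size < 2 or size & (size - 1):
        raise ValueError("word list length must be a power of two")
    return size.bit_length() - 1


def number_to_words(number, count, wordlist=WORDS):
    """Split `number` into `count` equal bit segments, most significant first,
    and use each segment as an index into the word list."""
    width = bits_per_word(wordlist)
    if not 0 <= number < 1 << (width * count):
        raise ValueError("number does not fit in count * bits_per_word bits")
    mask = (1 << width) - 1
    return [wordlist[(number >> (width * i)) & mask]
            for i in reversed(range(count))]


def words_to_number(words, wordlist=WORDS):
    """Inverse mapping: the phrase carries exactly the original random number."""
    width = bits_per_word(wordlist)
    number = 0
    for word in words:
        number = (number << width) | wordlist.index(word)
    return number


def generate(count, wordlist=WORDS):
    """Draw the random number from the OS CSPRNG, then encode it as words."""
    total_bits = bits_per_word(wordlist) * count
    return number_to_words(secrets.randbits(total_bits), count, wordlist)


def guesses(count, wordlist_size):
    """Number of equally likely phrases an attacker would have to search."""
    return wordlist_size ** count


if __name__ == "__main__":
    print(" ".join(generate(4)))
    print("phrases possible with 4 words from a 2048-word list:", guesses(4, 2048))
```

The strength comes from the size of the random number, not from the words themselves: the phrase is only as hard to guess as `guesses()` says if every word is chosen by the random number rather than by the user.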

They’ve even created an online password generator for people to try out. At the moment, it’s still in the testing phase, so it’s advised that you don’t use its output as your password until all the kinks are ironed out. In the meantime, if you’d like a poem password, you can provide Ghazvininejad and Knight with an email address and they’ll generate a secure password for you.

Read more at The Age


 

Friday, 24 June 2016

Fake emails

How to tell the difference between real and fake emails

 

According to the latest Kaspersky Lab statistics, around 60 per cent of emails sent worldwide are spam. The vast majority of these spam emails are created to scam you out of your hard-earned money. So Drew explains how to spot a fake email.

What to look for?
Scammers are becoming more cunning than ever before with how they create scams and the words that they use in those emails. While emails from the prince of Nigeria asking you to help transfer some money in exchange for a percentage for your troubles have fallen off significantly, local and online service scams are rising. 

Anyone using an email address ending with .au is being targeted at a more specific level than someone using a .com email address. This is because the scammer knows your email address relates to a person living in Australia. 

Be on the lookout for emails from telecommunication companies (Optus, Telstra etc), banking institutions (Westpac, Commonwealth Bank etc), online payment services (PayPal, Western Union), mail companies (FedEx or Aus Post) and the Australian Tax Office (ATO).

Before opening an attachment or clicking through to a website, be sure that you are expecting an email, including the information, from the company. The trick I find most useful in determining whether an email is a scam is to hover my mouse over the linked information in the email. Doing this displays the URL of the website you’d be taken to. This will allow you to make an educated decision (if the link is going to www.telstra.com.au then you know it is a real email).

Another trick is to check the email address from which you received the email. If it looks dodgy or atypical of that organisation, it’s most likely unsafe.

As with anything in life, if an offer sounds too good to be true, it generally is. Never click a link that you aren’t expecting.





 

Wednesday, 1 June 2016

Accounts Hacked

425 million user accounts hacked in massive online security breach

In what is being called the biggest online security breach of all time, the usernames, email addresses and passwords of 425 million Myspace and Tumblr users have been hacked and are now available for sale online. The hacked data emerged for sale through a well-known hacker website and is available for a purchase price of $4300. Both Myspace and Tumblr have confirmed that the user data was compromised as a result of security breaches several years ago.

These breaches are not isolated incidents. Just last month, LinkedIn confirmed a breach of 164 million accounts back in 2012, which was only revealed after the compromised data emerged for sale online. A hacker group that has stolen more than one billion passwords in the past few years is believed to be responsible for all three breaches.

In all three cases though, credit card or bank details were not stolen. The hackers were simply after email addresses and user passwords. With this information, hackers can attempt to access other websites and email accounts.

The lesson we all need to learn from these security breaches is that you just cannot trust anyone except yourself to keep your data secure. Take action at your end by ensuring that your email passwords are different to those used for any other website. It is also highly recommended that you take your security protocols one step further by using unique passwords for each different website you visit.

Find out if your email address has been compromised at www.haveibeenpwned.com
Read more from www.theage.com.au
Read more from www.arstechnica.com
