Passwords are the combination to the safe containing all your secrets. But they are easier to guess – or steal.
In the high-speed world of computers, 30 days is old. Did you read about the Russian hackers stealing 1.2 billion passwords? That means chances are fairly good they got some of yours. This also means it’s time to change passwords. Yes, it’s a pain to constantly change passwords, but it may also save your bank account, your credit rating, your business, and even your criminal future. Yes, you may become a victim of identity theft, which could result in your arrest for criminal activity. It happens, and it happened to Tallie Gainer in Tampa on August 1:
Tallie Gainer III became a victim of identity theft. Adding insult to injury, police arrested him in front of his children, and he was charged with check fraud, even though he had earlier reported his wallet, identification and credit cards stolen. From http://www.totalcriminaldefense.com/news/articles/unusual/identity-theft/
While password keepers may provide a way to store all of your passwords in one location so you don’t forget them – they also store all of your passwords in one location which, if compromised, would give the hacker all of your passwords. So what’s the workaround? Use long phrase passwords with numbers and punctuation. An example may be:
Of course you think this is ridiculous. I doubt you also think it’s ridiculous to change clothes every day, change toothbrushes every month, and change the oil in your vehicles every 3 months or 3000 miles. But you do it. Why? To protect yourself and your vehicles. Digital compromise is now simply a part of modern life – a part of modern life that is constantly under assault from people who would love for everyone to let their guard down. Change your passwords regularly; every month is highly recommended. Or, leave it to chance and see if it works out okay for you…
It happens. It happens to almost everyone at some point. Usually, the bigger the target and the higher the reward, the more likely you are to be hacked. The same goes if you are hosting on a community site which serves large numbers of people. It also happens to sites with very little traffic but low site security, including old widgets which may be running on the site.
Last week my friend Danny Brown had his Facebook page hijacked and there was a lot of buzz about that in the social sphere, but that’s not what I’m writing about today. In Danny’s case someone, someone he knew obviously, guessed his Facebook login and proceeded to have their way. What I am writing about today is the anonymous hacker who uses your platform to launch their attack. That attack may be a vicious attack or simply spam. Either way it’s bad for you and bad for all netizens.
When you think of hackers in this case, don’t think of some pimple-faced post-teen cowering in his parents’ basement surrounded by pizza boxes and Dr. Pepper cans. In this case think about sophisticated programmers who have written automated scripts to dig for vulnerabilities and seize on them automatically when found. There is no human involvement other than turning on the application and letting it do its work. The target? Installations of big scripts like WordPress or Joomla with outdated plugins, themes and widgets which provide an easy hole to walk right in and take over.
What is a URL redirect hack?
The most common attacks these days are URL redirects, where the script finds the vulnerability and leverages it to rewrite a file called .htaccess. This file tells the browser of any visitor, human or bot, how they can interact with the server. It contains directives about the site, including where clicks are directed to and how quickly. It’s very simple to write a replacement .htaccess file if you have access to the server, which can be gained by finding a plugin which opens the file for writing. This happened, and is still happening, with a particular version of the timthumb.php script, which is widely used in hundreds if not thousands of themes and plugins.
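An added example, not part of the original post: a defender-side check that reads the text of an .htaccess file and reports redirect directives pointing off-site, along with any rewrite conditions that limit the redirect to particular visitors. The sample file, the `example.org` site name and the `redirect.example.invalid` target are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: stock WordPress rules followed by an injected block that
# redirects search-engine and mobile visitors (placeholder domain, not an IoC).
SAMPLE = """# BEGIN WordPress
RewriteEngine On
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_REFERER} .*(google|bing|yahoo).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*(android|iphone).* [NC]
RewriteRule ^(.*)$ http://redirect.example.invalid/in.php?q=$1 [R=301,L]
ErrorDocument 404 http://redirect.example.invalid/404
Redirect 301 /old-page https://www.example.org/new-page
"""

URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
REDIRECTING = {"rewriterule", "redirect", "redirectmatch",
               "redirectpermanent", "redirecttemp", "errordocument"}

def find_suspicious_redirects(text, own_hosts):
    """Return (line_no, external_hosts, cond_lines, line) per off-site redirect."""
    own = {h.lower() for h in own_hosts}
    findings, pending_conds = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive = line.split()[0].lower()
        if directive == "rewritecond":
            # Conditions bind to the next RewriteRule; note visitor-targeting ones.
            if re.search(r"%\{HTTP_(REFERER|USER_AGENT)\}", line, re.I):
                pending_conds.append(no)
            continue
        if directive in REDIRECTING:
            hosts = {urlparse(u).hostname for u in URL_RE.findall(line)}
            external = sorted(h for h in hosts if h and h.lower() not in own)
            if external:
                conds = pending_conds if directive == "rewriterule" else []
                findings.append((no, external, conds, line))
        if directive == "rewriterule":
            pending_conds = []
    return findings

if __name__ == "__main__":
    for hit in find_suspicious_redirects(SAMPLE, {"example.org", "www.example.org"}):
        print(hit)
```

Pass the hostnames the site legitimately redirects to as `own_hosts`; anything else that appears in a redirecting directive is worth comparing against a known-good copy of the file.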
Have you ever logged in to Twitter to see that you have been posting, mentioning people or maybe even sending instant messages to people, but you haven’t been near your account for hours? It happens. When it does, provided you haven’t given some rogue programmer or site master your login information, you can control access to your account. There are several legitimate applications that ask for permission to access your account for varying reasons. Seesmic, for example, needs to be able to log in as you, post as you and send instant messages as you. Paper.li needs to be able to read as you to work and wants to post as you so it can spam all of the people it copied when it posted.
You can turn off access to your Twitter account to any application using the Twitter API by following some very, VERY simple steps. Watch this short video on YouTube for a quick walk-through showing exactly how to do this.