Archive for January, 2010


If Your Password Is 123456, Just Make It HackMe

Back at the dawn of the Web, the most popular account password was “12345.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

The analysis covered 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. The list was briefly posted on the Web, and hackers and security researchers downloaded it. (RockYou, which had already been widely criticized for lax privacy practices, has advised its customers to change their passwords, as the hacker gained information about their e-mail accounts as well.)

Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords — a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

Mr. Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”

Is your password on the most popular list? Check it out, Full Article Here via YahooFinance


Data doesn’t lie: “MySpace angles” are the best for hookups

It’s 2010 and online dating has become so ubiquitous that it’s not only socially acceptable, it’s practically the go-to when people decide it’s time to meet someone new. One advantage to it all being on the Internet, though, is that we can discover what works—do people really respond to the things they claim are important to them? When it comes to profile pictures, it seems that everything most thinking adults assumed would be true is false—those awful “kissy face” pictures, the MySpace angles, phone-pics-in-the-mirror, and pics that don’t even show your face are apparently quite effective in generating interest in the opposite sex.

The most shocking conclusion in OKCupid’s report is that the much-maligned “MySpace angle”—a self-photo taken at an unrealistic and overly-flattering angle—is wildly successful for female users. Women who use these photos in their profiles receive an average of more than 15 new contacts on a monthly basis. The overall average was between 8 and 9 new contacts for “normal” photos, and a photo of a woman doing an interesting activity falls below average at just 8 new contacts per month. OKCupid’s operators were themselves shocked at this and even tried to exclude all “MySpace angle” shots that included cleavage, but there was no change in the result. Men just seem to love that angle no matter how misleading it can be.

Full Article Courtesy ArsTechnica


Half of employers check Facebook, other social networks

More than half (53 percent) of employers research potential job candidates on social networks such as Facebook, says

Research by the job search Website revealed that a further 12 percent said they were planning to start using social network sites to check out potential employees.

Of those that do research candidates on the web, 43 percent said they relied on search engines, while 12 percent admitted to checking Facebook, and another 12 percent preferred LinkedIn.

CareerBuilder also said that two in five employers said they had found content on a social network that dissuaded them from hiring a candidate.

Full Article Here via MacWorld


AT&T Cell Phones Breach Internet Security, not just with Facebook

A Georgia mother and her two daughters logged onto Facebook from mobile phones last weekend and wound up in a startling place: strangers’ accounts with full access to troves of private information.

The glitch — the result of a routing problem at the family’s wireless carrier, AT&T — revealed a little known security flaw with far reaching implications for everyone on the Internet, not just Facebook users.

In each case, the Internet lost track of who was who, putting the women into the wrong accounts. It doesn’t appear the users could have done anything to stop it. The problem adds a dimension to researchers’ warnings that there are many ways online information — from mundane data to dark secrets — can go awry.

Several security experts said they had not heard of a case like this, in which the wrong person was shown a Web page whose user name and password had been entered by someone else. It’s not clear whether such episodes are rare or simply not reported. But experts said such flaws could occur on e-mail services, for instance, and that something similar could happen on a PC, not just a phone.

“The fact that it did happen is proof that it could potentially happen again and with something a lot more important than Facebook,” said Nathan Hamiel, founder of the Hexagon Security Group, a research organization.

Full Story Here via ABC News


Teacher’s Aide Asked To Resign Over Nude Photo

A teacher’s aide depicted in a nude photo that made the rounds in the Bangor Area School District has been asked to resign. The resignation request comes from Superintendent John Reinhart. Someone took the aide’s phone and distributed the photo around the district. The aide isn’t being identified, but apparently the woman has worked for the district for six years. We’re told she hasn’t been at work for several days.

View Video Courtesy WFMZ


FAQ: Using your smartphone safely

Smartphones aren’t just smart, they’re personal computers. Unlike a desktop or even a laptop PC, those devices and other mobile phones can easily slip out of a pocket or purse, be left in a taxi, or get snatched off a table.

They let you store photos, access e-mails, receive text messages, and put you one browser click away from potentially malicious Web sites.

In effect, gadgets like the Apple iPhone and those running Google’s Android software can be as risky to use as PCs, except that the wide variety of mobile platforms has deprived malicious hackers of one dominant software element to target, such as they have with Microsoft’s Windows operating system on desktops and laptops.

Look at the different types of threats that affect smartphone users and what people can do to protect themselves.

Losing your mobile phone is the biggest security threat to your smartphone. Mobile device users should also be careful about leaving the phone unattended, or loaning it to people. Spyware can be installed without you knowing it. For instance, the PhoneSnoop program can be used with BlackBerry devices to remotely turn the microphone on to eavesdrop on nearby conversations.

They can get viruses – Mobile viruses, worms and Trojans have been around for years. They typically arrive via e-mail but can also spread via SMS and other means.

Smartphone users are vulnerable to e-mail and Web-based attacks like phishing and other social-engineering efforts. All attackers have to do is create a malicious Web page and lure someone to visit the site where malware can then be downloaded onto the mobile device.

Recognizing phishing emails. Researchers also showed how an attacker could spoof an SMS to make it look like it comes from the carrier to get the target to either download malware or visit a site hosting it.

Safe to use Wi-Fi and Bluetooth? Yes and no. If you are doing something sensitive on your phone, like checking a bank account or making a payment, don’t use the free Wi-Fi at a coffee shop or other access point. Use your password-protected Wi-Fi at home or the cellular network to avoid what is called a man-in-the-middle attack, in which traffic is intercepted. Pairing a mobile phone with another Bluetooth-enabled device, like a headset, means any device that can “discover” another Bluetooth device can send unsolicited messages or do things that could lead to extra fees, data being compromised or corrupted, data stolen in an attack called “bluesnarfing,” or the device being infected with a virus.

“Regardless of what type of cell phone, the most dangerous current threat is through a cellphone’s in/out message boxes,” he said. “Clear (them) out regularly. Do not transmit full account numbers, PIN or passwords within a text message unless you immediately delete the out box message.”

Full Article via CNN
