Defense Against Crime

28/01/2019

Password Correct..Access Granted


In this digital age, almost all of us are using a computer to access messages, social media cyber thief-hackernetworks, manage some aspects of our financial life, some other aspect of personal computer usage that puts aspects of our lives open to someone who has the key. I usually tell people not to hide their residence keys in obvious places, like under the welcome mat. The same common sense should be used is hiding the digital keys to the virtual residences of our lives. How safe would you feel is a crook has the keys to your house? The same sense of security should be taken when it comes to wanting to secure. One of the sad things is that we can unknowingly tell clues about our lives online in places like Facebook, or blogs, or ancetry.com that a thief can use to help him figure out possible passwords. If any of you have seen the 1983 movie War Games, you may remember that the Hacker was able to gain access to the system, by figuring out that the programmer used the name of his dead son as his backdoor password.

To highlight the necessity of securing your digital life should be news story accounts of security breaches at Abbot Labs,  IBM, Sony, Booz Allen Hamilton, Fox News, NBC, New York Times, Apple, Microsoft, Facebook, Twitter, Linkedin, the US Government and hundreds of other companies. These stories have exposed how insecure or unprepared these major websites and companies, to which consumers like you and I entrust their personal information really are. While we expect some level of security at a corporation, ultimately, your security is your responsibility. Unfortunately one of the side effects of this is that these stories have exposed, is just how helpless we can be. Close examination of a sample set of 40,00 username and passwords out of a sample size of over a million have revealed some interesting results.

Some analysis results:

  1. The analysis showed about 50% of the passwords are less than eight characters long. Eight characters are considered, the minimum length you should even consider when choosing a strong password.  (These passwords only take less than a minute  for a PC to crack) 2. Only 4@ percent of the passwords analyzed used at least makes use at least three of the four character types (Upper case letters, lower case letters, numbers, special characters like #|*. The vast majority only used one character type, such as all lowercase letters or all numbers.  (These passwords only take about 3 days for a PC to crack) 3.. Over 33% of the analyzed were not a random character like “qp}Edhg!13evTOI” rather than “ILikeSpock”. These analyzed passwords could be found in a common password dictionary. The most frequent passwords use included: Seinfeld, password, 123456, purple, princess, Maggie, peanut, shadow, ginger, Michael, Buster, sunshine, trigger, cookie, George, summer, Taylor, Bosco, abc123, Ashley, and bailey.  (most of these take less than a second for a PC to crack, ‘IlikeSpock’ takes about a year) 4. 67% of users had the exact same username/email and password on different systems used the same password on both systems. BAD BAD BAD

6 Simple Rules for some great passwords

  • NEVER choose passwords less than 8 characters long and that is made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters. The longer a password the better so strive for passwords over 8 characters long. If some systems limit the numbers of characters. It’s doesn’t have to be complex as “Picard-Delta-47-Alpha-21” or “173467321476C32789777643T732V73117888732476789764376” which would take a PC 14 octillion  years and 6 vigintillion years to crack respectively
  • Randomness is also key to a great password. NEVER choose a password based upon personal data like your name, birthday your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Create a list of 10-12 such as Qy#i1827Vbsg12348()17w passwords that are random and use a password management program like 1Password or LastPass, or create and remember a password recipe or simple padding pattern.
  • NEVER choose a password that is a word (English, German, or otherwise), proper name, the name of a TV shows, or anything else that one would expect a clever person to put in a “dictionary” of passwords. Especially if it can be found it’s something you’re found of like ‘Hello Kitty’, ‘Disney’, etc
  • NEVER choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1”, writing a word backward, etc. For example, “password,123” is not a good password, since adding “,123” is a common, simple transformation of a word. Neither is using password where you have substituted the number zero for the letter “o”
  • NEVER EVER EVER use the same password for all your logins (have at least 5).

How to Make Up a Great Password

Passwords should contain a mix of the following sets

  1. lowercase letters
  2. uppercase letters
  3. Numbers
  4. special characters !,#,$,+,%,~ etc
  5. Should be longer than 8 Characters
    1. Example the Password 1@Tf%s&E9Tewhich is based on the numbers 1-2-3-4-5-6-7-8-9-10 would take a PC 4 Thousand years to hack.

Password Levels

  • Level One – contains at least one of the character sets
  • Level Two – contains at least two of the character sets
  • Level Three- contains at least three of the character sets
  • Lever Four-contains all four character sets
  • You can Include some simple substitution like 3 for ‘e’, zero for the letter ‘O’, 1 for ‘I’, 7 to T, 2 for S

Example of how to create a good password

  1. Think of two unrelated things you like computer & socks books & dogs autumn & chocolate OR a phrase from one of your favorite movies or tv shows
  2. Join the words with a non-alphabetic character or two. (#,+,|,!..etc.)
  3. Make at least one change (for example, uppercase a letter or add another character) to one of the words (preferably not just at the very beginning or end of the password).
  • Some example passwords generated using this method:
    • C0mput3r%socks
    • B00ks #dogs
    • Autumn|choc0lat3
    • Gen3sis_Doggi3
    • 76TltbpWa110ccah# – (Seventy-six trombones led the big parade With a hundred and ten cornets close at hand.)
    • 2bo!2b_TitQ – -(To Be or Not To Be The Question)
    • I106mtC_wgaftog_hap0c_1dawws -It’s 106 miles to Chicago, we got a full tank of gas, half a pack of cigarettes, it’s dark… and we’re wearing sunglasses. Read more: Music Man – Seventy-six Trombones Lyrics | MetroLyrics
  • Books like the Bible have a great resource to create passwords as it has over 31,173 verses you can use. You can use Bible verses to create passwords like Joshua24I5$, 54Isa1ah17 *, Pr0v3rbs9_8%, J8hn316*
  • Convert from the Arabic-Hindu Number system into the Hexadecimal System so that you can say BacktoTheFuture1151955 and make it Back#T0#Th3#Future_1193D3

Biometric passwords – There is an increase of computers gives you the ability to use biometric data such as facial recognition, fingerprint, retina pattern or voice print data to generate a unique password based on your data. However, there have also been reported successful hacks for these methods.   An example of this would we be the Apple fingerprint lock, which was able to be bypassed the week it was released.

Second Key Authentication: Many systems like Facebook, Google, Yahoo, Hotmail, PayPal, and even financial institution offer second key authentication. In this method, you give the institutions your mobile phone number. When you attempt to login, the system sends a special random access code to the users mobile phone. To complete a log in the user must type in this code. Which mean they have to have your phone.

Personal Info Authentication: Many systems ask the user to select personal info questions to set up their user accounts such as the color of your first car, or mother’s maiden name, or best friend. These questions are to help users in case they have forgotten your password.  Be careful what info you select! Some information is public information or can be gathered from your Facebook profile.  For example, if your question is ‘Name of the High School you attended?’ and you are a member of the Eric Erickson High School group on facebook, then it’s not hard to answer this question.  What I can suggest is giving easy to nonsense answers like the J3di Acad3my. For example for all your selected question, put in the name of your favorite something (recording artist, fruit, book, author).  I mean if you select mother’s maiden name as your question, and typed in Mayberry.  it is highly improbable that anyone trying to hack your account will guess that.

CHANGE YOUR PASSWORD…OFTEN

Most computer security professionals recommend changing your Internet passwords and account login information at least once every three to six months. Though some debate if it is necessary, however, if you want to be safe change it at least once a year, like a month before or after your birthday and make it an annual reminder on your calendar. It may be safe for you to wait longer; it just depends on your computer habits, and how and where you surf the web. I recommend changing all your passwords at a minimum of once a year, perhaps the day after your birthday, or on New Year’s day, or the first day of spring (spring cleaning). Changing all of your Internet passwords can be a time-consuming and even an exasperating task, especially if you have lots of online accounts. But it is a sure way to guarantee a modicum level of safety; however, it is not the only safety precaution that should be considered for your login information. Whether you bank online or you are just sending a few simple emails, secure passwords are essential. You’ve heard of problems caused by hackers, who use your account to do illegal activity. There have been incidents of people not only hacking into people’s e-mail, or Facebook accounts but sending vicious messages.

 

You should avoid writing down your password or giving it to others. You should especially avoid writing it down and leaving it in a non-secured place such as on a post-it on your monitor or a piece of paper in your desk. If you absolutely must write something down (because you suffer from CRS), we suggest doing the following:

  • Don’t write down the entire password, but rather a hint that would allow you (but nobody else) to reconstruct it.
  • Keep whatever is written down in two places like a small notebook or other places that only you have access to and where you would immediately notice if it was missing or someone else gained access to it. (like in the movie Ghost)
  • Keep a list of 10 to 12 passwords of length 10 to 20 characters that you only use for 1 year, and then create new ones each year
  • Treat the not book like the One Ring – Keep it secret -Keep it Safe

TEST YOUR PASSWORD

There are several great websites that will examine your password and tell you how strong that is. Such sites include

  1. http://www.passwordmeter.com/
  2. https://howsecureismypassword.net/

However remember that hackers have tools as well, so you should have as many security measures to help reduce your chances of being hacked. Many sites link PayPal, Google, Facebook, Twitter and more have code key authentication features. You can turn these on, and when you (or anyone else) attempts to log in to your account, a numeric code is sent to your cell phone, and you need to type in that code to log in.  Sometimes it’s a hassle, especially if you lose or don’t have your phone with you.

 

NEVER EVER – TELL ANYONE YOUR PASSWORDS or LET SOMEONE KNOW WHERE YOU KEEP THEM..except in your will.

PepperEyes.com Self-Defense Products Store is dedicated to providing you with the best and most affordable self-defense products, survival and safety products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for protection, home security, business security, purchase our high-quality discount self-defense products. Survival kits and arm yourself with the knowledge about self-defense and security products and information on the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option. Victor Swindell of PepperEyes.com is a division of Onyx Knight Enterprises.

 

13/02/2015

Protect yourself from being hacked!


Cybercrime such as hacking is on the rise…and it’s up to you to protect yourself!  As you all know, once a week or so I like to share tips to keep your life home, business or body safe.  PepperEyes.com is about offering the best life safety solutions in an ever changing world.  Today I’m writing about cyber phishing ..again. The reason is simple I continuously get bait e-mail that tries to phish our corporate e-mails. It’s is because some employees or family members fall for these old tricks that allow corporate, financial, government or home computers to get phished or hacked.   Over the holidays I had someone who became victims of ransomware and she said she had a virus checker and all. My analogy to this is that you can have the best security system to keep burglars out of your house, bank or business, but if you open the door and let them in, then your security system is useless to stop the criminal.

So cybercriminals, try to avoid all of your software security solutions by using the flawed human factor. See all a criminal need to do is drop a few virus loaded flash drive around a business, or use a technique called spear phishing.  All it takes is one curious employee to take the flash drive and plug it into a corporate computer to see what is on it. In the case of spear phishing, the user gets what looks like a realistic e-mail from a real person or company, but contains a malware link, or is used to obtain personal information. In the case of the flash drive method, one of the files or pictures can easily install a malware that can do damage to their computer, and every computer or server that user has access.

The favorite cyber flavor of the month, is a realistic e-mail from companies you may do business with alerting you to a problem with your account.

Take a look at this email.


Amazon

Looks legitimate.  It has a realistic logo to make it look official  SO how do I know it’s not real.

If I put my mouse on the HERE link I can see the URL does not even go to an Amazon account.  It goes to some site in the Netherlands. The other two links, however, do go to Amazon.  In addition, the e-mail is not addressed to me.

To help you protect yourself from phishing, we offer the following tips:

  1. LEARN TO IDENTIFY SUSPECTED PHISHING TRICKS
    1. There are some qualities that identify an attack through an email:
      1. They duplicate the image of a real company.
      2. Copy the name of a company or an actual employee of the company.
  • Include sites that are visually similar to a real business.
  1. The URL in the e-mail does not go back to the business
  2. Promote gifts or the loss of an existing account.
  3. Come from unrecognized senders.
  • The message isn’t personalized
  • Try to upset you into acting quickly by threatening you with frightening information
  1. TRUST BUT VERIFY
    1. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.
    2. Good hackers can use e-mails addresses from your address both to trick you into thinking it is from a friend or relative.
    3. Go directly to that companies web site by typing in the URL, and check to see what is going on, if anything.
  2. CHECK THE SOURCE OF INFORMATION FROM INCOMING MAIL
    1. Your bank will never ask you to send your passwords or personal information by mail. Never respond to these questions, and if you have the slightest doubt, call your bank directly for clarification.
  3. NEVER GO TO YOUR BANK’S WEBSITE BY CLICKING ON LINKS INCLUDED IN EMAILS
    1. Do not click on hyperlinks or links attached in the email, as it might direct you to a fraudulent website.
    2. Communicate personal information only via phone or secure websites (https)
      1. Also, beware of phone phishing schemes. Do not divulge personal information over the phone unless you initiate the call. Be cautious of emails that ask you to call a phone number to update your account information as well.
    3. Type in the URL directly into your browser or use bookmarks/favorites if you want to go faster.
  4. BEWARE OF POP-UP BOXES
    1. Never enter personal information in a pop-up screen
    2. Do not click on links in a pop-up screen
    3. Do not copy web addresses into your browser from pop-ups
  5. ENHANCE THE SECURITY OF YOUR COMPUTER
    1. Common sense and good judgment is as vital as keeping your computer protected with a good antivirus to block this type of attack.
    2. In addition, you should always have the most recent update on your operating system and web browsers.
  6. ENTER YOUR SENSITIVE DATA IN SECURE WEBSITES ONLY
    1. Legitimate enterprises should never ask you to submit personal information in pop-up screens, so don’t do it
    2. In order for a site to be ‘safe’, it must begin with ‘https://’ and your browser should show an icon of a closed lock.
  7. PERIODICALLY CHECK YOUR ACCOUNTS
    1. It never hurts to check your bank accounts periodically to be aware of any irregularities in your online transactions.
  8. PHISHING DOESN’T ONLY PERTAIN TO ONLINE BANKING
    1. Most phishing attacks are against banks, but can also use any popular website to steal personal data such as eBay, Facebook, PayPal, etc.
  9. PHISHING KNOWS ALL LANGUAGES
    1. Phishing knows no boundaries and can reach you in any language. In general, they’re poorly written or translated so this may be another indicator that something is wrong.
    2. If you never you go to the Spanish website of your bank, why should your statements now be in this language?
  10. HAVE THE SLIGHTEST DOUBT, DO NOT RISK IT.
    1. The best way to prevent phishing is to consistently reject any email or news that asks you to provide confidential data.
    2. Delete these emails and call your bank to clarify any doubts.
  11. CHECK THIS BLOG  FREQUENTLY TO READ ABOUT THE EVOLUTION OF MALWARE

PepperEyes.com simply exists to provide you a large selection of quality self-defense and life safety solutions such as pepper sprays, stun guns and other high quality self-defense products, and survival kit products for homeowners, business, schools, college students, and government agencies, or anyone who is seeking to defend themselves or property against potential criminal and natural threats.

06/06/2012

Beware of this Hacking Scam


I got this from C-Net

Beware Scam computer techs


These perpetrators are making calls to people’s homes disguising themselves as computer tech support from a well-known company, claiming you may be infected by a computer virus. They ultimately want you to give them access to your computer to fix the issue. And once they have access, who knows what will get compromised?

I have had a friend who is tech savvy who did get one of these calls, and she asked what I.P. address they have listed.  The scammers then hung up. However, surprisingly, this is not only happening quite frequently, but also happening across the globe.

The good thing is that unless you give these scammers access to your computer, your system won’t get compromised, at least not from these people.

So, please beware folks!

PepperEyes.com is dedicated to providing you with the best and most affordable personal protection products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for yourself, your home or your business, purchase our high quality discount personal protection products and arm yourself with the knowledge of the best way to stay secure in an ever-increasing violent world. In today’s society being equipped mentally and physically is no longer an option

Create a free website or blog at WordPress.com.

%d bloggers like this: