Defense Against Crime

28/01/2019

Password Correct..Access Granted


In this digital age, almost all of us use a computer to access messages and social media networks, manage some aspects of our financial life, or handle some other aspect of personal computer usage that leaves parts of our lives open to anyone who has the key. I usually tell people not to hide their residence keys in obvious places, like under the welcome mat. The same common sense should be used in hiding the digital keys to the virtual residences of our lives. How safe would you feel if a crook had the keys to your house? The same sense of security should apply to whatever you want to secure online. One of the sad things is that we can unknowingly give away clues about our lives online in places like Facebook, blogs, or ancestry.com that a thief can use to help him figure out possible passwords. If any of you have seen the 1983 movie War Games, you may remember that the hacker was able to gain access to the system by figuring out that the programmer used the name of his dead son as his backdoor password.

News accounts of security breaches at Abbott Labs, IBM, Sony, Booz Allen Hamilton, Fox News, NBC, the New York Times, Apple, Microsoft, Facebook, Twitter, LinkedIn, the US Government and hundreds of other companies should highlight the necessity of securing your digital life. These stories have exposed how insecure or unprepared these major websites and companies, to which consumers like you and me entrust our personal information, really are. While we expect some level of security at a corporation, ultimately your security is your responsibility. Unfortunately, one of the side effects is that these stories have also exposed just how helpless we can be. Close examination of a sample set of 40,00 usernames and passwords out of a sample size of over a million has revealed some interesting results.

Some analysis results:

  1. The analysis showed about 50% of the passwords are less than eight characters long. Eight characters is considered the minimum length you should even consider when choosing a strong password. (These passwords take less than a minute for a PC to crack.)
  2. Only 4@ percent of the passwords analyzed made use of at least three of the four character types (uppercase letters, lowercase letters, numbers, special characters like #|*). The vast majority only used one character type, such as all lowercase letters or all numbers. (These passwords take about 3 days for a PC to crack.)
  3. Over 33% of the passwords analyzed were not random strings like “qp}Edhg!13evTOI” but something closer to “ILikeSpock”. These analyzed passwords could be found in a common password dictionary. The most frequent passwords used included: Seinfeld, password, 123456, purple, princess, Maggie, peanut, shadow, ginger, Michael, Buster, sunshine, trigger, cookie, George, summer, Taylor, Bosco, abc123, Ashley, and bailey. (Most of these take less than a second for a PC to crack; ‘IlikeSpock’ takes about a year.)
  4. 67% of users who had the exact same username/email on different systems used the same password on both systems. BAD BAD BAD

6 Simple Rules for some great passwords

  • NEVER choose passwords that are less than 8 characters long or made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters. The longer a password the better, so strive for passwords over 8 characters long. Note that some systems limit the number of characters. It doesn’t have to be as complex as “Picard-Delta-47-Alpha-21” or “173467321476C32789777643T732V73117888732476789764376”, which would take a PC 14 octillion years and 6 vigintillion years to crack respectively.
  • Randomness is also key to a great password. NEVER choose a password based upon personal data like your name, birthday, your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Create a list of 10-12 passwords that are random, such as Qy#i1827Vbsg12348()17w, and use a password management program like 1Password or LastPass, or create and remember a password recipe or simple padding pattern.
  • NEVER choose a password that is a word (English, German, or otherwise), a proper name, the name of a TV show, or anything else that one would expect a clever person to put in a “dictionary” of passwords. Especially avoid it if it’s something you’re fond of, like ‘Hello Kitty’, ‘Disney’, etc.
  • NEVER choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1”, writing a word backward, etc. For example, “password,123” is not a good password, since adding “,123” is a common, simple transformation of a word. Neither is using “password” where you have substituted the number zero for the letter “o”.
  • NEVER EVER EVER use the same password for all your logins (have at least 5).

How to Make Up a Great Password

Passwords should contain a mix of the following sets

  1. lowercase letters
  2. uppercase letters
  3. Numbers
  4. special characters !,#,$,+,%,~ etc
  5. Should be longer than 8 Characters
    1. Example: the password 1@Tf%s&E9Te, which is based on the numbers 1-2-3-4-5-6-7-8-9-10, would take a PC 4 thousand years to hack.

Password Levels

  • Level One – contains at least one of the character sets
  • Level Two – contains at least two of the character sets
  • Level Three – contains at least three of the character sets
  • Level Four – contains all four character sets
  • You can include some simple substitutions like 3 for ‘e’, zero for the letter ‘O’, 1 for ‘I’, 7 for ‘T’, 2 for ‘S’
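The password levels above and the earlier rules on length, dictionary words and simple transformations can be checked mechanically. The following is an added example, not part of the original post; the function names, the threshold of three character sets and the extra `@`/`$` substitutions are assumptions, and the word list is only the set of frequent passwords named in the analysis above.

```python
import string

# Word list: the "most frequent passwords" named in the analysis above.
# A real check would load a full common-password dictionary (assumption).
COMMON = {
    "seinfeld", "password", "123456", "purple", "princess", "maggie",
    "peanut", "shadow", "ginger", "michael", "buster", "sunshine",
    "trigger", "cookie", "george", "summer", "taylor", "bosco",
    "abc123", "ashley", "bailey",
}

# Substitutions listed on this page (3=e, 0=o, 1=I or l, 7=T, 2=S).
# "@"=a and "$"=s are extra common ones added here as an assumption.
BASE = {"3": "e", "0": "o", "7": "t", "2": "s", "@": "a", "$": "s"}
LEET_TABLES = [str.maketrans({**BASE, "1": c}) for c in "il"]
EDGE = string.digits + string.punctuation + string.whitespace


def level(pw):
    """Password Level: how many of the four character sets are present."""
    sets = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    count = sum(any(c in s for c in pw) for s in sets)
    return count + any(not c.isalnum() for c in pw)


def candidates(pw):
    """Forms of pw with the simple transformations undone."""
    low = pw.lower()
    forms = {low, low.strip(EDGE)}            # drop padding such as ",123"
    for form in list(forms):
        for table in LEET_TABLES:             # undo digit/symbol swaps
            forms.add(form.translate(table))
    forms |= {f[::-1] for f in forms}         # word written backward
    forms.discard("")
    return forms


def audit(pw):
    """Apply the page's rules; return the level and a list of findings."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    lvl = level(pw)
    if lvl < 3:                               # threshold of 3 is an assumption
        findings.append(f"uses only {lvl} of 4 character sets")
    hits = sorted(candidates(pw) & COMMON)
    if hits:
        findings.append(f"simple transformation of '{hits[0]}'")
    return {"level": lvl, "word": hits[0] if hits else None,
            "findings": findings}


if __name__ == "__main__":
    # Constructed samples; the last one is an example from this page.
    for sample in ("123456", "password,123", "p@ssw0rd", "drowssap",
                   "C0mput3r%socks"):
        print(f"{sample!r:18} {audit(sample)}")
```

A password that passes these checks is not thereby strong; the check only catches the weaknesses the rules above describe.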

Example of how to create a good password

  1. Think of two unrelated things you like (computer & socks, books & dogs, autumn & chocolate) OR a phrase from one of your favorite movies or TV shows.
  2. Join the words with a non-alphabetic character or two. (#,+,|,!..etc.)
  3. Make at least one change (for example, uppercase a letter or add another character) to one of the words (preferably not just at the very beginning or end of the password).
  • Some example passwords generated using this method:
    • C0mput3r%socks
    • B00ks #dogs
    • Autumn|choc0lat3
    • Gen3sis_Doggi3
    • 76TltbpWa110ccah# – (Seventy-six trombones led the big parade With a hundred and ten cornets close at hand.)
    • 2bo!2b_TitQ – (To Be or Not To Be The Question)
    • I106mtC_wgaftog_hap0c_1dawws – (It’s 106 miles to Chicago, we got a full tank of gas, half a pack of cigarettes, it’s dark… and we’re wearing sunglasses.)
  • Books like the Bible are a great resource for creating passwords, as it has over 31,173 verses you can use. You can use Bible verses to create passwords like Joshua24I5$, 54Isa1ah17 *, Pr0v3rbs9_8%, J8hn316*
  • Convert a number from the decimal (Hindu-Arabic) number system into hexadecimal, so that you can take BacktoTheFuture1151955 and make it Back#T0#Th3#Future_1193D3

Biometric passwords – An increasing number of computers give you the ability to use biometric data such as facial recognition, fingerprint, retina pattern or voice print data to generate a unique password based on your data. However, there have also been reported successful hacks for these methods. An example of this would be the Apple fingerprint lock, which was bypassed the week it was released.

Second Key Authentication: Many systems like Facebook, Google, Yahoo, Hotmail, PayPal, and even financial institutions offer second key authentication. In this method, you give the institution your mobile phone number. When you attempt to log in, the system sends a special random access code to your mobile phone. To complete the login, you must type in this code, which means an attacker would have to have your phone.

Personal Info Authentication: Many systems ask the user to select personal info questions when setting up an account, such as the color of your first car, your mother’s maiden name, or your best friend. These questions are there to help users in case they have forgotten their password. Be careful what info you select! Some information is public or can be gathered from your Facebook profile. For example, if your question is ‘Name of the High School you attended?’ and you are a member of the Eric Erickson High School group on Facebook, then it’s not hard to answer this question. What I can suggest is giving nonsense answers that are easy for you to remember, like the J3di Acad3my. For example, for all your selected questions, put in the name of your favorite something (recording artist, fruit, book, author). I mean, if you select mother’s maiden name as your question and type in Mayberry, it is highly improbable that anyone trying to hack your account will guess that.

CHANGE YOUR PASSWORD…OFTEN

Most computer security professionals recommend changing your Internet passwords and account login information at least once every three to six months. Some debate whether this is necessary; however, if you want to be safe, change them at least once a year, like a month before or after your birthday, and make it an annual reminder on your calendar. It may be safe for you to wait longer; it just depends on your computer habits, and how and where you surf the web. I recommend changing all your passwords at a minimum of once a year, perhaps the day after your birthday, or on New Year’s Day, or the first day of spring (spring cleaning). Changing all of your Internet passwords can be a time-consuming and even exasperating task, especially if you have lots of online accounts. But it is a sure way to guarantee a modicum of safety; however, it is not the only safety precaution that should be considered for your login information. Whether you bank online or you are just sending a few simple emails, secure passwords are essential. You’ve heard of problems caused by hackers who use your account for illegal activity. There have been incidents of people not only hacking into people’s e-mail or Facebook accounts but also sending vicious messages.

 

You should avoid writing down your password or giving it to others. You should especially avoid writing it down and leaving it in a non-secured place such as on a post-it on your monitor or a piece of paper in your desk. If you absolutely must write something down (because you suffer from CRS), we suggest doing the following:

  • Don’t write down the entire password, but rather a hint that would allow you (but nobody else) to reconstruct it.
  • Keep whatever is written down in two places like a small notebook or other places that only you have access to and where you would immediately notice if it was missing or someone else gained access to it. (like in the movie Ghost)
  • Keep a list of 10 to 12 passwords of length 10 to 20 characters that you only use for 1 year, and then create new ones each year
  • Treat the notebook like the One Ring – Keep it secret – Keep it safe

TEST YOUR PASSWORD

There are several great websites that will examine your password and tell you how strong it is. Such sites include:

  1. http://www.passwordmeter.com/
  2. https://howsecureismypassword.net/

However, remember that hackers have tools as well, so you should have as many security measures as possible to help reduce your chances of being hacked. Many sites like PayPal, Google, Facebook, Twitter and more have code key authentication features. You can turn these on, and when you (or anyone else) attempt to log in to your account, a numeric code is sent to your cell phone, and you need to type in that code to log in. Sometimes it’s a hassle, especially if you lose or don’t have your phone with you.

 

NEVER EVER – TELL ANYONE YOUR PASSWORDS or LET SOMEONE KNOW WHERE YOU KEEP THEM..except in your will.

PepperEyes.com Self-Defense Products Store is dedicated to providing you with the best and most affordable self-defense products, survival and safety products on the market to meet the security needs of you, your family members or your business, by assisting anyone who is unwilling to become a victim of crime.  If you want to take personal responsibility for protection, home security, business security, purchase our high-quality discount self-defense products. Survival kits and arm yourself with the knowledge about self-defense and security products and information on the best way to stay secure in an ever-increasing violent world. In today’s society, being equipped mentally and physically is no longer an option. Victor Swindell of PepperEyes.com is a division of Onyx Knight Enterprises.

 

01/09/2016

BACK UP YOUR FILES BEFORE DISASTER STRIKES


Backing up has become more important than ever, thanks to cyber-attacks like ransom-ware and natural disasters like floods or tornadoes.

If you are a regular reader here you already know how pervasive and frustrating ransom-ware is. If you’re new to our blog, here is a bit of background: ransom-ware is one of the newest attack methods in the malware world. It can be pulled off with great ease, as all a hacker has to do is buy a premade ransom-ware kit from malware creators on the dark web. Then he or she distributes the malicious code, usually by way of email attachments, but as we have explained earlier, ransom-ware can also get onto systems via security holes, or vulnerabilities in outdated system software. When the ransom-ware code is executed by, say, clicking that infected link in an email, it begins to encrypt all the files on your computer or device. That’s when you’ll get a notice from the ransom-ware creators, letting you know that your files have been encrypted and that if you want to retrieve them you’ll need to pay them in untraceable bitcoins (hundreds to thousands of dollars).

You have two choices: pay to perhaps get your files back, or not pay…and lose EVERYTHING you have on your computer! The sad truth is that even if you pay you may not get your files back, because once they have been encrypted, they can only be un-encrypted with the corresponding key – which the hackers have and aren’t about to give to you.

If you have been meticulous in backing up your files, data, pictures and whatever else you have that’s precious to you, then you can stand your ground and walk away.

Make multiple backups

Before we delve into the different backup methods out there, it’s important to note that you should have more than one backup of your files stored in different places to ensure that you are completely covered.

Types of backup

Cloud-based backup – You are probably familiar with cloud storage like Google Drive and DropBox. The idea here is that your files are stored in the Google or DropBox cloud respectively and you can access them from anywhere that you can log into your account. These services are great for sharing pictures and collaborating on documents and presentations, but they aren’t really designed for heavy-duty, let alone automatic, backup. Instead, look for a cloud-based backup that automatically backs up all your files and folders. Some important features to watch out for:

  • Unlimited storage.
  • Folder syncing and sharing.
  • Continuous backup throughout the day automatically.
  • Available for smartphone.
  • Price tag factor – some plans like Carbonite can run at about $60 per license per year and others can run over $120 or more per year depending on the level of service or options you choose

Do your research and find the service and plan that fits your needs best and go with it! Some of the best plans out there are: CrashPlan, SOS Online Backup, Backblaze, SugarSync, SpiderOak, Carbonite, and iDrive.

iDrive is the PCMag Editor’s choice for 2016: (http://www.pcmag.com/article2/0,2817,2288745,00.asp)

“It has been one of the more ambitious online backup and cloud-based syncing service services in recent years, offering not only some of the most attractive pricing plans, but also a multitude of features in clear desktop, mobile, and Web applications.”

Local backup – Your other option is to back up to an external hard drive or a flash drive. This method is a bit less user-friendly as it cannot be done automatically, and since flash drives are so small, they tend to get lost easily. But it’s not a bad idea to have a physical backup of your digital stuff. You can purchase external drives; you just have to be careful not to leave them connected AFTER you back up.

PLEASE NOTE: Ransom-ware can affect every file on every drive on your computer, and even cloud drives like Dropbox. If you get infected with ransom-ware, your backups can be affected as well. So please disconnect them when not using them.

When it comes to ransom-ware, follow our mantra “Backup, don’t pay up”.

13/10/2015

Spotting a Phishing Scam

Filed under: Cyber Crimes,Cyber Security — peppereyes @ 9:15 AM

I received the following email in my inbox today.

[Screenshot of the email]

Now on the surface..this looks like a valid email right?

  • It has the Chase Logo
  • It says it’s from the Chase Fraud Department

So how can I spot that it’s a fake?

  • I don’t have a Chase account, which means they have an email list and are sending this to everyone on that list. (Chumming the waters.)
    1. They are hoping that many on this list are Chase customers.
    2. They are hoping that many of those Chase customers will click on the link.
    3. They are hoping that those Chase customers that click on the link will provide them with valuable information that can be used to steal their identity or access their Chase account.
  • The reply email is <noreply.amss.com>. A valid one would be from Chase.com.
  • If you hover over the link, its URL is http://hotelvillatiziana.it/wp-content/themes/images/verify.php
    1. If you look, it was sent not from Chase.com but from some hotel in Italy.
  • Most companies like Chase would not e-mail you; they will send you a letter asking you to log in to check your security.
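The two technical checks in the list above (the sender address is not at the brand's domain, and the link's real host differs from what the text claims) can be automated. This is an added example, not part of the original post: the message is a constructed sample with placeholder `.example` hosts, and the function names are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, not the e-mail from the post; ".example" hosts are
# placeholders. Only chase.com and the verify.php path come from the page.
SAMPLE = """\
From: Chase Fraud Department <noreply@mail-alerts.example>
Reply-To: noreply@mail-alerts.example
Subject: Unusual activity on your account
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>We noticed unusual activity on your account.</p>
<p><a href="http://hotel-site.example/wp-content/themes/images/verify.php">
Log in at chase.com to verify</a></p>
<p><a href="https://www.chase.com/">Chase home page</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.href, " ".join("".join(self.text).split())))
            self.href = None


def belongs_to(host, domain):
    """True only for the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def check_message(raw, expected_domain):
    """Return findings where sender or link hosts are not the claimed brand."""
    msg = message_from_string(raw)
    findings = []
    for header in ("From", "Reply-To"):
        address = parseaddr(msg.get(header, ""))[1]
        host = address.rpartition("@")[2]
        if address and not belongs_to(host, expected_domain):
            findings.append(f"{header} is at {host}, not {expected_domain}")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode("utf-8", "replace"))
    for href, text in collector.links:
        host = urlsplit(href).hostname or ""
        if not belongs_to(host, expected_domain):
            findings.append(f"link '{text}' points to {host or href}")
    return findings


if __name__ == "__main__":
    for finding in check_message(SAMPLE, "chase.com"):
        print("SUSPICIOUS:", finding)
```

The suffix match in `belongs_to` is deliberate: a host such as `chase.com.hotel-site.example` contains the brand name but is not a subdomain of it.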

WHAT TO DO IF YOU GET ONE

  1. Don’t click on the link
  2. Mark it as SPAM
  3. Delete it.


08/10/2015

Facebook Dislike Button Scam

Filed under: Facebook Scam — peppereyes @ 3:04 PM

This is an Information Security advisory notice: be sure to avoid widespread e-scams centering on an opportunity for you to “get the new dislike” button.

Clicking on a link offering availability of a Facebook (or other) “dislike button” typically leads to bad outcomes including, but not limited to, loss of private or confidential information; installation of very undesirable malware on your computer; deluge of unwanted phone calls, emails and snail mail selling unwanted products; and the like.

If you see any email, message, or posting about a Facebook dislike button, know this is almost certainly a scam. Click on nothing, do not open any attachment, do not fill out any forms and do not forward this to your friends and/or Facebook groups. Remember: ‘If in doubt, throw it out!’


07/01/2015

Ohhhh FREE money from Nigeria


The other day I received the following e-mail in my e-mail box..and outlook.com flagged it..so I decided to read it. Wow am I glad I did…and you can see why,

Our Ref: RTB /SNT/STB

To. Beneficiary.


I am Special Agent David Jackson an FBI delegate that has been delegated to investigate these fraudster who are in the business of swindling Foreigners that came for transaction in Nigeria and all over the world. Please be informed that during my investigation I got to find out that there is huge sum of $10.5million that has been assigned in your name (Beneficiary.) and these fraudster are busy swindling you without any hope of receiving your fund.

 NOTE: You are not supposed to pay that huge amount from the beginning before the release of your fund, but depending on how you want the transfer made to you.We inform you that it has come to our notice and we have thoroughly Investigated with the help of our Intelligence Monitoring Network System and the (Interpol) that you are having an illegal Transaction with Impostors Claiming to be the Bank Governor in African, the CEO of Banks, General Manager Banks, FNB, Loto Officials, FIFA President,Chief Security Officer, Chief Financial Officer, Chief Communications Officer, Chief Operations Officer, Chief IT & T Officer, Chief Marketing and Commercial Officer.

We have to inform you that we have made arrest in respect of this delayed over due fund. I have a very limited time to stay in Nigeria so I advise you to respond to this mail immediately.

I shall expect your response as soon as you receive this email. Please Note that I have attached my Identification to this email. do not inform any of the people that collected money from you before now about this new development, Till we finish our assignment.

 Note that the above fund have been cleared from terrorist or fraud related activities. contact me on this email: davidjackson01000@yahoo——

 

Wow, what luck…a Special Agent of the FBI contacted me…so this has got to be real…right?

So what if he didn’t know my name…it’s still legit …right?

So what if this is from Nigeria, that is known for e-mail scams…it’s still legit…right?

So what if Special Agents of the FBI DO NOT do this sort of thing..it’s still legit…right?

So what if these types of e-mail depend on greed for free money so that I end up sending them things that can be used to steal my identity, or worse they just want me to pay a processing fee…it’s still 10.5 million dollars we are talking about…it’s worth the chance…right..right.?

 

I wonder just how many people are ignorant or greedy enough to fall for this new version of an old scam. Just perhaps my outlook.com spam catcher is just smart..and did indeed put this in the trash where it belonged. I just have to live without being humiliated, scammed and worried about my identity being stolen…I think I can live with that.

The following publication gives more information about detecting and dealing with e-mail scams:

https://www.us-cert.gov/sites/default/files/publications/emailscams_0905.pdf
