Why you should be wary of the cloud
Sep 5, 2014 23:42:38 #
Banks are being hacked. Private celebrity selfies are being exposed. And after a massive break-in, Home Depot may have to do some major repairs.
Summer vacation is definitely over, so it's time to do some fall maintenance of your own and stop trusting the cloud.
Early this week, hackers broke into some celebrities iCloud accounts and dug up and posted their very intimate photos some of which the victims, including Jennifer Lawrence and Kate Upton, thought they had deleted. Apple, which owns iCloud, initially issued a statement explaining that there was no security breach. But by the end of the week Apple CEO Tim Cook said the company would add a security feature to alert users with a warning when someone tries to restore iCloud data. (The feature should be running in two weeks.)
Banks, email services and other online companies generally send users an email notice when someone tries to log in to your account from an unfamiliar device or tries to change a password.
That means your email account is your last line of defense. So if you do only one thing to protect yourself this month, make sure you use a unique and elaborate password to access your email.
The password should contain the longest string of arbitrary letters and numbers you can recall consistently ("passwordandmybirthday" does not count). Even sentences followed or preceded by numbers are an excellent defense against hacks.
This is important because law enforcement is still investing a break-in that involves several banks, including JP Morgan Chase. How many depositors have been affected remains unclear, but what is obvious is that these attacks are continuing.
As to whether financial institutions will ever succeed in stopping digital thievery, security professionals say dont hold your breath. Criminals are involved in an escalating battle for your accounts, and they wont stop. As bank robber Willie Sutton famously said (although he denied it), "That's where the money is."
And that means you should never respond to an email or click on a link in one that asks you to log into an account even if it is from your bank. Hackers are very adept at faking such messages, along with partial account numbers and official-looking logos. These so-called phishing attacks may look legit, but they'll take you to f**e sites that ask for your password. And thats when you get hacked.
The same goes for LinkedIn requests in e-mails, or even for friends who send you a link that requires a password. Just don't do it. Instead, open a separate browser and go directly to the site you know before you sign in.
Another question being debated this week is whether we can trust the cloud at all, given that more of our personal lives are being stored online. The answer, again, is no.
Services that store your calendars, emails, financial data and entertainment grew exponentially as high-speed Internet became pervasive and cheap storage became commonplace. But security has not kept pace. The fact is, when you use a cloud service, you are trusting someone else to keep your records on their computers and hard drives.
Like the banks, these services are embroiled in a war against criminals. And even if they have the best intentions, they are not impregnable. They may be secure enough to store your e-books, digital movies and music, but everything else? Keep it to yourself.
Finally, as a victim of identity theft, I recommend that you contact the credit reporting companies Equifax, T***sUnion and Experian and put a fraud alert on your account. It will usually last for only 90 days, but it should prevent anyone from opening a credit account in your name, increasing your credit limit or getting a new card without someone contacting you. (Be aware, though, that it will also prevent you from instantly opening a credit account in a store.)
Is all this work a hassle? Yes. Are we just being paranoid? No. It's not paranoia when cyber Willie Suttons are trying to break into your accounts. Because thats where the money is.
John R. Quain is a personal tech columnist for FoxNews.com. Follow him on Twitter @jqontech or find more tech coverage at J-Q.com.
Summer vacation is definitely over, so it's time to do some fall maintenance of your own and stop trusting the cloud.
Early this week, hackers broke into some celebrities iCloud accounts and dug up and posted their very intimate photos some of which the victims, including Jennifer Lawrence and Kate Upton, thought they had deleted. Apple, which owns iCloud, initially issued a statement explaining that there was no security breach. But by the end of the week Apple CEO Tim Cook said the company would add a security feature to alert users with a warning when someone tries to restore iCloud data. (The feature should be running in two weeks.)
Banks, email services and other online companies generally send users an email notice when someone tries to log in to your account from an unfamiliar device or tries to change a password.
That means your email account is your last line of defense. So if you do only one thing to protect yourself this month, make sure you use a unique and elaborate password to access your email.
The password should contain the longest string of arbitrary letters and numbers you can recall consistently ("passwordandmybirthday" does not count). Even sentences followed or preceded by numbers are an excellent defense against hacks.
This is important because law enforcement is still investing a break-in that involves several banks, including JP Morgan Chase. How many depositors have been affected remains unclear, but what is obvious is that these attacks are continuing.
As to whether financial institutions will ever succeed in stopping digital thievery, security professionals say dont hold your breath. Criminals are involved in an escalating battle for your accounts, and they wont stop. As bank robber Willie Sutton famously said (although he denied it), "That's where the money is."
And that means you should never respond to an email or click on a link in one that asks you to log into an account even if it is from your bank. Hackers are very adept at faking such messages, along with partial account numbers and official-looking logos. These so-called phishing attacks may look legit, but they'll take you to f**e sites that ask for your password. And thats when you get hacked.
The same goes for LinkedIn requests in e-mails, or even for friends who send you a link that requires a password. Just don't do it. Instead, open a separate browser and go directly to the site you know before you sign in.
Another question being debated this week is whether we can trust the cloud at all, given that more of our personal lives are being stored online. The answer, again, is no.
Services that store your calendars, emails, financial data and entertainment grew exponentially as high-speed Internet became pervasive and cheap storage became commonplace. But security has not kept pace. The fact is, when you use a cloud service, you are trusting someone else to keep your records on their computers and hard drives.
Like the banks, these services are embroiled in a war against criminals. And even if they have the best intentions, they are not impregnable. They may be secure enough to store your e-books, digital movies and music, but everything else? Keep it to yourself.
Finally, as a victim of identity theft, I recommend that you contact the credit reporting companies Equifax, T***sUnion and Experian and put a fraud alert on your account. It will usually last for only 90 days, but it should prevent anyone from opening a credit account in your name, increasing your credit limit or getting a new card without someone contacting you. (Be aware, though, that it will also prevent you from instantly opening a credit account in a store.)
Is all this work a hassle? Yes. Are we just being paranoid? No. It's not paranoia when cyber Willie Suttons are trying to break into your accounts. Because thats where the money is.
John R. Quain is a personal tech columnist for FoxNews.com. Follow him on Twitter @jqontech or find more tech coverage at J-Q.com.
Sep 6, 2014 00:35:44 #
bmac32 wrote:
Banks are being hacked. Private celebrity selfies ... (show quote)
One of the better suggestions I heard was to use an author and/or book title. For those of faith, choose a Bible Verse plus the page number it is on and/or a hymn plus the hymn number in a hymnal.
Sep 6, 2014 01:37:20 #
For me security should be number one for everyone no matter how much or how little you have, it's yours!
Hackers are on to the bible stuff and if you use it for everything they will crack it, time is on their side.
Hackers are on to the bible stuff and if you use it for everything they will crack it, time is on their side.
AuntiE wrote:
One of the better suggestions I heard was to use an author and/or book title. For those of faith, choose a Bible Verse plus the page number it is on and/or a hymn plus the hymn number in a hymnal.
Sep 6, 2014 02:02:30 #
bmac32 wrote:
For me security should be number one for everyone no matter how much or how little you have, it's yours!
Hackers are on to the bible stuff and if you use it for everything they will crack it, time is on their side.
Hackers are on to the bible stuff and if you use it for everything they will crack it, time is on their side.
As to the Bible verses, adding the page makes it difficult. Consider the number of Bibles, varying print sizes, t***slations, etc. Is it from a hard copy, Kindle, iBible, nook, KJV, NKJ, NIV, ASB, St.Anthonys, etc.
The strongest recommendation has been to utilize different signs; £ #, within your password, plus using upper and lower case letters. One of my accounts required eight letters, plus two symbols, with at least two of the eight letters being upper case. With my iPad, it took five attempts before they would accept my password as strong.
Sep 6, 2014 10:07:11 #
lpnmajor
Loc: Arkansas
bmac32 wrote:
Banks are being hacked. Private celebrity selfies ... (show quote)
People still can't understand that if you put something into the Ethernet, it is there for anyone to access who knows how. For every new security measure, there are dozens ( if not 100's ) of people who do nothing with their lives, EXCEPT find ways to bypass those.
I don't do anything on the net, that I wouldn't want anyone to gain access to. Banking is one area where I'm vulnerable, because nary a financial institution is NOT on the net, but my funds are insured, at least.
Sep 6, 2014 12:40:12 #
64 bit blow fish is the strongest protection one can buy or go free if you trust it. Many tools to help secure things but no matter how secure if you become a target they can get in.
http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/
As for iPad, the attention of hackers has turned to them, they go where the money is, and no matter what Apple does if your a target they will get in.
http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/
Target, Home Depot and banks have become targets lately. Hackers use botnet's (large groups of computers) with a v***s type software that infects computers and controls them. A single botnet may control 10,000 computers without the users knowledge to attack a single computer. The hacker runs there software 24 hours a day so with that much computer power they can do billions of passwords a day. It use to be a joke to some, oh I don't need anti-v***s software I have nothing to steal, yes you do, your bandwidth so a hacked can use you.
Apple is not as safe as they claim, not by a long shot.
http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/
http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/
As for iPad, the attention of hackers has turned to them, they go where the money is, and no matter what Apple does if your a target they will get in.
http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/
Target, Home Depot and banks have become targets lately. Hackers use botnet's (large groups of computers) with a v***s type software that infects computers and controls them. A single botnet may control 10,000 computers without the users knowledge to attack a single computer. The hacker runs there software 24 hours a day so with that much computer power they can do billions of passwords a day. It use to be a joke to some, oh I don't need anti-v***s software I have nothing to steal, yes you do, your bandwidth so a hacked can use you.
Apple is not as safe as they claim, not by a long shot.
http://www.zdnet.com/fbi-hack-yielded-12-million-iphone-and-ipad-ids-anonymous-claims-7000003668/
AuntiE wrote:
As to the Bible verses, adding the page makes it d... (show quote)
If you want to reply, then register here. Registration is free and your account is created instantly, so you can post right away.