“qwerty”, “monkey”, and “abc123”. These are the 4th, 5th, and 6th most-used passwords of 2011, according to a study [http://splashdata.com/splashid/worst-passwords/index.htm] released by password management software company SplashData. Also on the list are classics like “123456” and, of course, “password”. It should be obvious to just about anyone that passwords like these are not especially good ones, so why do people keep using them? The mere fact that a password is present is no guarantee of security. Hackers and those wishing to gain unauthorized access to a system have any number of tools at their disposal to help them discover and thus bypass passwords. This does not mean that placing password protection in the way is futile, however. The better the password, the longer it will take for hackers to go through or around it.
So what makes a good password? Cracking passwords is a matter of time, and the time depends on how many characters the program doing the cracking is required to guess. Consider a password with nothing but lowercase letters (a bad idea, but one that will be covered later). There are 26 letters, and thus 26 possibilities for each character. A one-character password thus has 26 possibilities, and for every character past that, the number of potential passwords is multiplied by 26. A password with five characters has over eleven million possible combinations. Keep in mind, however, that it is a computer doing the cracking in most cases, a machine capable of performing millions of calculations in seconds. That five-character, lowercase-only password would be broken in mere moments by a dedicated hacker. But now consider adding a single uppercase letter in place of a lowercase one. This doubles the number of potential values per character, so that the time-to-crack is increased by a factor of thirty. Adding numbers to the mix triples that time. Then we have what are known as “special characters”, the set including things like punctuation, brackets, symbols, and the like. Since there are tons of these characters, and no pattern to guess which one might be inserted where, the resulting delay in cracking is huge. Special characters can make any password vastly harder to break.
Up to this point, we’ve been discussing a mere five-character password, but now we come to one of the most important points: length. Even when using only lowercase letters, increasing the length of the password by one letter multiplies the field of potential passwords by 26. A long password, even without variation in the characters, is much harder to crack by brute force. There are other types of password crackers to worry about, however. The dictionary cracker, for instance, runs through a dictionary stored in its memory and tries every word. Using “elephant” as your password might befuddle a brute-force cracker, but the dictionary cracker would figure you out in no time at all. Don’t try to play around with substituting numbers for letters in common words (“passw0rd”) either, as hackers have long since grown wise to this trick and programmed their tools to check for such substitutions; the same goes for abbreviations (“trustno1”) and common character sequences (“123456”, “abcde”). Nonsense passwords, or those which have meaning only to you, are better choices; you won’t find “18kaff?kaff!92cake” in any dictionary, and a brute-force cracker would take months, if not years, to bypass it.
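The keyspace arithmetic and the dictionary, substitution and sequence checks described above can be put into a small password auditor. This is an added example, not part of the original post; the wordlist is a constructed sample built from the passwords the article names, and the guess rate is an assumption chosen only for illustration.

```python
import string

# Constructed sample wordlist: weak passwords and words named in the article.
WORDLIST = {"password", "qwerty", "monkey", "elephant", "trustno1", "abc123"}
# Digit/symbol-for-letter swaps that guessing tools already undo.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Runs that are tried first: alphabet, digits, top keyboard row.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
GUESSES_PER_SECOND = 1e9  # assumption: illustrative offline guessing rate


def alphabet_size(pw):
    """Characters a brute-force search must cover: the sum of every class
    (lower, upper, digit, punctuation) that appears in pw at least once."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def keyspace(pw):
    """Number of candidates of this length over this alphabet."""
    return alphabet_size(pw) ** len(pw)


def weaknesses(pw):
    """Patterns that let a guesser skip the brute-force search entirely.
    Only whole-password matches are checked, not words embedded in it."""
    low = pw.lower()
    found = []
    if low in WORDLIST:
        found.append("wordlist entry")
    elif low.translate(LEET) in WORDLIST:
        found.append("wordlist entry with substitutions")
    if len(low) >= 3 and any(low in seq for seq in SEQUENCES):
        found.append("character sequence")
    return found


def report(pw):
    """Keyspace, worst-case time to exhaust it, and pattern weaknesses."""
    space = keyspace(pw)
    return {"keyspace": space,
            "worst_case_seconds": space / GUESSES_PER_SECOND,
            "weaknesses": weaknesses(pw)}


if __name__ == "__main__":
    for sample in ("abcde", "Abcde", "elephant", "passw0rd",
                   "trustno1", "123456", "18kaff?kaff!92cake"):
        r = report(sample)
        print(f"{sample!r}: keyspace={r['keyspace']:.3e} "
              f"worst_case={r['worst_case_seconds']:.3e}s "
              f"weaknesses={r['weaknesses'] or 'none found'}")
```

A large keyspace only matters when `weaknesses` comes back empty: “elephant” has a keyspace of 26^8, yet a wordlist pass finds it immediately.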
The last point of importance is less about passwords and more about how you use them. While it might be tempting to come up with one good password and use it for all your important business, keep in mind that not all websites are equal in terms of security. If a single site turns out to be less trustworthy than you thought, and hackers gain access to its databases, your password could be handed to them on a silver platter, potentially allowing them access to any accounts, like your Facebook or email, using the same password. If you’re really concerned about security, it’s best to change your passwords every few months, ensuring that even if someone got access to old account records, their information would be obsolete and useless.
With the popularity of social media like Facebook and Twitter, and the growing use of mobile devices such as tablets and smartphones, having a website and Internet presence is becoming more important. Many business owners are sometimes overwhelmed with all the information out there, and it can get confusing when people start talking about SEO and Places pages, Facebook widgets, etc., but the nice thing about the web is that you can start small and simple and then easily grow as you learn and expand.
I run into people who own small businesses every day who do not have a website and I wonder how much potential business they might be losing because of it. With so many people now using the Internet to shop and to find places to purchase things, having a web presence is more important than ever. Unfortunately, there have been many small business owners who have been ‘burned’ by unscrupulous web designers who have charged them thousands of dollars for websites that are not really worth it, but there are certainly many dollar-wise alternatives available if you do a little bit of research. For many businesses, getting even one customer from it can easily pay for the website, and having a website definitely increases your advertising exposure in one of the most cost-effective ways possible.
I had one business owner that called me and asked if I could help him set up a website and he proudly told me that he had gotten his domain name himself. I asked him how much he paid for the domain and he told me that he was happy that he found the name he wanted at a bargain price of $300 (for a year). Unfortunately, he too fell prey to a company that misled him and sadly I could have shown him where to get that same domain for @ $10 a year.
For a small simple website, you should be able to find a domain for @ $10 a year, and then find hosting for it (the server that holds the website files and makes them available on the Internet) for $4 – $10 a month depending on your needs. Of course it takes a bit of research to find the best deals – and the best deals are not always the cheapest. You should always be careful of shared hosting companies that offer a lot for a little, as you may find your website on a server with hundreds of other websites and find that pages load so slowly that people usually leave your website before they even see it! There are however a number of large and reputable companies which offer good deals and good performance for a reasonable price, so a bit of beforehand investigating can certainly save you a lot of time and money in the long run.
Then there is the website itself. Setting up a simple website is not that hard, nor should it be expensive. Personally I tend to stay away from those all-in-one site designers that many companies offer. The built in site designers are often slow, clunky and end up giving you a website that just looks bad. I have found that using a content management system like WordPress is often the easiest and cheapest way to get a professional and easy to manage website up in minimal time. Systems like WordPress allow you to design and edit your website without any special software and there are a ton of free themes and plugins available to help you customize your website.
I have setup many WordPress sites over the past few years for local businesses, and what I like the most about using WordPress is that the websites can be easily customized to be unique and professional, and the business owner or their employees can easily update information on the website without having to call and pay a web developer every time they want to make a simple change. The ability to control your own website is something I think is very important as I have seen far too many business owners who have websites that they hate because they have some developer that they have to call (and usually pay) every time they want to change a line of text or a picture.
At Pensacola Computers, we have helped many local Pensacola area businesses start their own websites and have a lot of insight in the local Pensacola area market with experience in both website design and local search engine placement (getting on the first page of Google search is always a plus!). We are also experts with WordPress websites and have setup a number of websites for local businesses with excellent search engine placement and front page google results. Visit us today at http://pensacolacomputers.com or call us at 850*390*4242
Once again, a round of Facebook scams is hitting users. This recent one is a rehash of one that has been done before: it entices users by telling them they can install an app to see who has viewed their profile. In the past few days, messages have appeared such as “OMG OMG I can’t believe this actually works! Now you can really see who viewed your profile on:” followed by a link that redirects people to ads, malware, or other garbage.
According to security firm Sophos, over sixty thousand people clicked on the link in a period of a few hours. Sophos recently published a blog post that outlines the scam here. For people who are wondering, Facebook has repeatedly said that there is no way to see who has viewed your profile and no way for such a function to be created. Facebook security encourages users to report any such suspicious activity and remove any references to such things from your news feeds. They also suggest making sure that you only grant known applications rights via your Account>Privacy Settings>Applications and Websites settings.
As always, all users should follow internet security guidelines and not click on suspicious links, regardless of their supposed source. Always ensure that you are running up to date antivirus and antispyware/antimalware software, and do regular scans. You can find links to free antivirus and antispyware, antimalware software on our Pensacola Computers Tech Support page. If you do get infected or have a question, contact us at Pensacola Computers
So many people come to me with problems on their computers, from viruses, to lurking malware that steals their passwords and slows down their systems. The funny thing is that many of these same people also tell me that they only use their computer for general web surfing, email, and …….. Facebook. Of course Facebook has become the most popular social networking site on the internet in the past year, but with this popularity comes problems – wherever there are lots of people, there arise opportunities for nefarious types and criminal activity. Unfortunately, Facebook provides these people with the perfect platform to spread their Trojans, Keyloggers, fake antivirus scareware, and general malware crap that will make your PC very sick.
But how do they do it? Well, they take advantage of people by using their friends to help spread their nasty things. All it takes is one friend getting their account hacked (either by using a simple password, or by getting a virus/malware infection themselves), and then the nasties usually get sent out as links to all this person’s friends and family. Of course when you get a link from Aunt Martha that says to check out the latest Family video, or from your best friend telling you that you just HAVE to check out this sale they found, you of course trust it, and click on it and BAM! All of a sudden you have pop-ups, or something is telling you your computer is infected, or you suddenly go to search for something and end up on some site that has nothing to do with what you typed in.
So what do you do? The best thing to do is to NEVER click on the links in the first place, at least not from Facebook. If by chance you have clicked on one of these bad links and your computer gets infected, the first step is to try a system restore (this is often the best chance to stop the virus/malware before it gets out of control). If system restore appears to work, just remember to update your anti-virus and anti-malware software and do full scans to get rid of any traces. If system restore doesn’t appear to work, you should then try going into safe mode (press the F8 key repeatedly at start-up), and then update and run your anti-virus/anti-spyware programs.
Sometimes, infections can get pretty nasty – especially if they have been allowed to invite their friends to your computer over a period of time. When this happens, and you can no longer get on the internet, or even get to your desktop, you may need more advanced help. Visit Pensacola Computers for immediate computer service (yes, it’s a shameless plug, but it’s my blog and I really can help when your computer is FUBAR’d)
According to a new report released by McAfee Security Labs, social networking sites like Facebook can expect more attention from cybercriminals in 2010. The director of security research at McAfee, David Marcus, expects “an explosion of Facebook and other services targeted by cybercriminals.” Marcus expects an increase in rogue Facebook applications in addition to malware like Koobface that spreads among Facebook users’ friends lists.
Marcus explains “When you click yes to ‘do you want to allow this application to access your Facebook account,’ you’re giving that application access to all the data in your Facebook account.” With so many people using Facebook now, this is a prime way for scammers and spammers to not only harvest user data, but to have a direct line into people’s computers to install rogue applications.
Because Facebook allows these ‘third-party’ applications to be installed within the Facebook framework, this leaves a huge vulnerability hole open for malicious exploits. In today’s world, all it takes is one rogue application making it through to your computer for the floodgates to open – and a word to the wise – even if you don’t run a PC and think your ‘secure’ Mac computer will protect you, think again – Macs are just as vulnerable to infections, and perhaps even more so considering the lack of good security software installed on most Apple systems. In addition, rogue applications that work on the browser level to infect and steal your Facebook account data don’t care what OS or security software you are using – they grab the data right out of your account on the web level.
So what should you do? Well the best thing to do is to not use Facebook, however for some, that just isn’t an option. For those who just can’t live without it, you should take sensible precautions: only install apps from within Facebook by clicking browse more applications in the Facebook application installer (this will allow only ‘approved’ applications to be installed – not a total guarantee, but definitely safer). Also, never ever lend your credentials to friends or family members, and never click on links directly – instead copy and paste them into your address bar so you can ensure where you are going first (if you don’t know the website, don’t go there!).
To read the full report by McAfee, go here: http://www.mcafee.com/us/local_content/white_papers/7985rpt_labs_threat_predict_1209_v2.pdf
For the audio interview podcast of David Marcus for CNET: http://radiolarry.com/cnetaudio/mcafeereport2010.mp3
Lately I have been seeing more computers infected with the Vundo Trojan, which as one of the ill effects constantly bombards users with Antivirus 360 messages that their computer is infected. This program should not be confused with Norton’s 360 (which in my opinion is almost as bad, but not malware). The infections it tells users are on their machines are bogus, and are often critical Windows Files. Of course they want you to buy their product in order to ‘clean’ your system, however what you buy is actually more spyware/malware. Unfortunately, in many cases if your computer is infected with this, there is a chance that you also have other infections, and while there are tools such as Malwarebytes Anti-Malware and Spybot S&D that can help remove some of these, they often cannot get everything (it is a hit or miss kind of thing).
The best thing of course is not to get infected in the first place, which can be done by keeping up to date Windows updates, a good antivirus, and usually a couple anti-spyware products, and of course not downloading anything that you aren’t sure of what it is. Many of these spyware products are installed when you install supposed ‘video codecs’ or by viewing infected videos and even music files (stay away from the file sharing sites). You can also be infected by malicious code that can attack your computer from social networking sites like MySpace and Facebook (never click on a link that you aren’t sure of, nor download any kind of ‘media viewer’ from these sites).
If you do get infected, you can try a system restore (hopefully you have a restore point that is before you got infected), as well as run full antivirus and anti-spyware scans. Many times it is best to run these scans in Windows Safe Mode (press the F8 key when the computer is first booting). Safe mode will load only essential drivers and services and often the antivirus/antispyware software will have better success at killing these pesty infections. Of course, before attempting any cures, it is a good idea to make sure you have critical data backed up (and make sure you scan your backups for viruses/spyware before putting it back on your system once it is cured!)
Social networking sites like Facebook and MySpace, while abundantly popular, have also proven to harbor quite a few nasty dangers for those who are unaware. The latest is a variation of a worm program that first appeared in July, the Koobface Worm. This worm spreads from friends’ messages that appear to be video links. When you click the link, you are asked to download or update your software to view the video – of course the software you download is actually a Trojan horse downloading program (that can install other bad things without you even knowing), as well as a keylogger program that can steal all your login and password information.
Virus and spyware writers take advantage of the popularity of such social networking sites as they are a prime target area to reach a mass amount of people. The biggest problem is that these sites are used by a lot of younger people who will often just click things without understanding what they are doing. One day your teenager is using their MySpace or Facebook, and the next your bank is calling about all kinds of charges on your credit card because someone got your banking information from a virus/spyware that was planted on your computer.
So what can you do to avoid these things? Well the best is to just not use such sites, as they will constantly be attacked and are vulnerable to all kinds of malicious software. If that isn’t an option, then make sure you have up to date antivirus and antispyware software, and be especially careful to NOT download any software or active X controls. Many times these items will appear to be legitimate software (such as Adobe Flash player), however if in fact you need an update to this software, instead of clicking on a link that may appear when you visit a webpage that says you need to update the software, go to the source (like Adobe.com) and update your software directly from there. If you go back to another site and get a pop-up saying that it is still out of date, then more than likely it is malicious software trying to infect your system.
The majority of viruses and spyware infect people’s systems because people give them permission to – most of the time inadvertently because they are misled, or don’t read what they are installing. So be careful! If you aren’t absolutely sure about something, then don’t install it!