Password Protection

By Sandy Berger, Compukiss.com

www.compukiss.com

sandy (at) compukiss.com

This article has been obtained from APCUG with the author’s permission for publication by APCUG member groups; all other uses require the permission of the author (see e-mail address above).

When technology is good, it is very, very good, but when it is bad it can be truly atrocious. So it is with the hacking of Sarah Palin’s Yahoo email account. The bad guys are out there using technology for their own advantage. Whether they are serious hackers who want information for devious purposes or young students who just want to show their technological prowess, this theft shows that everyone is vulnerable.

The recent hijacking of Sarah Palin’s email account is also a great example of how a hacker can gain access to an email account and how email accounts need to be better protected against such penetration.

We currently rely on passwords to protect most of our online activity. Professional hackers often use “password crackers” to guess passwords. Anyone can easily find these hacker tools on the Internet. They can even be purchases on CD. There are wordlists for common passwords and dictionary combinations of possible passwords in a variety of different languages. These tools are all aimed at giving a person all the technical tools that they need to guess passwords.

In Sarah Palin’s case, however, the perpetrator didn’t even have to use tools like this. A hacker identifying himself as "Rubico" claims to have been able to change the password on Sarah Palin’s Yahoo Mail account quite easily. All he had to do was use her email name to log into the Yahoo Mail’s interface and select the option to reset the password. Yahoo then asked him to provide her birth date and zip code, which have become public knowledge. He then had to answer her self-chosen security question which was where she met her husband. After several television interviews of Sarah and her husband, the answer to that question also became public knowledge.

Sarah Palin was thrown into the public arena quite quickly, but even those of us who are not public figures may find that their passwords and answers to security questions can be easily guessed. Do you use the name of your spouse, children, pet, favorite sport, birthday, or wedding date as your password? Have you entered security questions like place of birth or favorite color that are easy to guess?

Privacy as we knew it before the Internet is now a thing of the past. With the Internet, more of our lives are online than most of us realize. Many people use blogging as a past time and post information on MySpace, Facebook, and other social networking websites. Once posted, all of that information is publicly known. And the Internet is archived, so even when you remove current information, previously posted information can still be found in Internet archives. That information can be used to guess passwords and access personal information.

So here are a few ground rules that may help keep your private information a little safer online:

1. Use passwords that are not easy to guess and cannot be easily cracked. (Look for more on how to choose good passwords in next week’s column.)

2. Choose a security question that others will not be able to guess the answer to. Or answer the security question with an answer that you create which is not necessarily the true answer.

3. Use unique passwords, especially for important services and websites like banking sites and email.

4. Keep your passwords private. Don’t leave them on a sticky note on your computer screen or keep them in an unencrypted file on your computer.

5. Change your passwords often.

6. Do not change your password by clicking on a link in an email from someone claiming to be a system administrator, bank representative, or other seemingly reputable party. They may not be who they say they are. When you want to change your password, always type in the address yourself so you know you are at the real website rather than a bogus one.

7. Use one credit card for all online purchases. This will limit your financial exposure.

8. Keep your operating system up-to-date.

9. Use a good anti-virus and anti-spyware programs.

10. Consider using an encrypted password manager program.

Check the Compu-KISS website at www.compukiss.com for more information on choosing good passwords.

!Danger: Music Download!

by Mike Morris, Editor-in-Charge, Front Range PC Users Group, Colorado

http://www.frpcug.org

twriterext (at) gmail.com

This article has been obtained from APCUG with the author’s permission for publication by APCUG member groups; all other uses require the permission of the author (see e-mail address above).

"On September 8, 2003, the recording industry sued 261 American music fans for sharing songs...."

That partial quote is from an Electronic Frontier Foundation article (http://www.eff.org/wp/riaa-v-people-years-later) that provides an in-depth description of RIAA (Recording Industry of America) activities, with many references. Lawsuits filed by the RIAA over the past five years have resulted in severe financial hardship to individuals that were targets of RIAA legal action—and some of those defendants claimed that they were not aware that they had violated the law.

Legal consequences for anyone caught in a violation of copyright infringement laws have now increased.

On October 13th, 2008, a new law, the Prioritizing Resources and Organization for Intellectual Property Act was signed that provides new federal enforcement powers and higher penalties for copyright infringement.

For details, see this CNET news story:

http://news.cnet.com/8301-13578_3-10064527-38.html.

Briefly, (from the CNET story^©—used with permission from CBS Interactive, Inc., copyright 2008, all rights reserved) "...the law consolidates federal efforts to combat copyright infringement under a new White House cabinet position, the intellectual property enforcement coordinator, who will be appointed by the president. ... The law also steepens penalties for intellectual-property infringement, and increases resources for the Department of Justice to coordinate for federal and state efforts against counterfeiting and piracy. The so-called Pro-IP Act passed unanimously in the Senate last month and received strong bipartisan support in the House."

We often forget that under our legal system, ignorance of the law is no defense. For those readers with family members, friends and acquaintances that are casual computer users, now may be the time for a reminder that, however tempting, free music downloads may result in serious legal problems. And, for any member of those same groups that use the internet as their primary source of music, that reminder may be an absolute necessity.

To paraphrase a different warning, "free music downloads may be injurious to your financial health." You, your family, friends and acquaintances all need to be informed consumers before downloading "free" music or sharing music files.