Making the Black Hat's Lives Miserable

An explanation of how some hackers work, and how to defend against them.

Steve Smith, host of your TQA Weekly, explains how some black hat hackers may obtain your personal information, what you can do to defend against such attacks and how to prevent them in the first place.

Episode #2-18 released on January 29, 2012


I'm going to help you make a mess of all the plans of all the black hat hackers on the internet, and all you have to do is listen up.

You go online, research password security, and you'll find tons of information on how to secure your accounts. Rarely do we see articles that say that we should secure all our accounts, or how to go about it. Today, a short message, and an important message.

What happens to your information when it is stolen? Do you even know? How can you be sure it hasn't already happened?

These are but a few questions you should ask yourself. Now, I know a lot of you have heard that having unique passwords for every web-site you use is safe, but is it really? Black hat hackers who compromise other accounts can use common information obtained from one web-site to hijack accounts on other servers. If you use the same username, same mother's maiden name, date of birth, etc., this can be a problem, regardless of unique passwords.

So how does one protect themselves on the internet?

I suggest we all use unique user names on all future web-sites we subscribe to. It's obviously not practical to change a username after an account has been created, in some cases, but being able to use a different username means that next time one of your accounts is hijacked, the information obtained is really useless. Now, in order to render the information completely useless, we should all either boycott the maiden name or commonly asked verification questions field in registration forms, or add a unique dummy name instead. This makes it harder for those who wish to compromise your account.
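The advice above, sketched as an added example that is not part of the episode: each site gets its own username and its own dummy maiden name, derived from one secret you keep offline, and a small check shows which fields a thief could carry from one site to another. The site names, sample values and the HMAC derivation scheme are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

# Fields this example treats as reusable across sites (the ones the episode names).
FIELDS = ("username", "maiden_name")


def _derive(master: bytes, site: str, field: str, length: int) -> str:
    """HMAC-SHA256 keyed by the master secret, as lowercase base32 text."""
    msg = f"{field}|{site.lower()}".encode()
    digest = hmac.new(master, msg, hashlib.sha256).digest()
    return base64.b32encode(digest).decode().lower()[:length]


def site_profile(master: bytes, site: str) -> dict:
    """Unique username and dummy verification answer for one site."""
    return {
        "username": "u" + _derive(master, site, "username", 11),
        "maiden_name": _derive(master, site, "maiden_name", 16),
    }


def overlap(profile_a: dict, profile_b: dict) -> list:
    """Fields with identical values: what one breach gives away about the other."""
    return sorted(f for f in FIELDS if profile_a[f] == profile_b[f])


# Constructed sample data: the same real details typed into two sites.
REUSED_SHOP = {"username": "sam1980", "maiden_name": "Tremblay"}
REUSED_FORUM = {"username": "sam1980", "maiden_name": "Tremblay"}

# Constructed master secret, fixed here only so the example is repeatable.
# In practice generate it once with secrets.token_bytes(32) and keep it offline;
# anyone who obtains it can recompute every value below.
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def demo() -> dict:
    shop = site_profile(MASTER, "shop.example")
    forum = site_profile(MASTER, "forum.example")
    return {
        "reused": overlap(REUSED_SHOP, REUSED_FORUM),
        "derived": overlap(shop, forum),
    }


if __name__ == "__main__":
    print(demo())
```

Values generated this way belong in a password manager next to the password, since the site will ask for the dummy answer exactly as it was entered.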

Now why should we remove the maiden name or generically standard verification questions?

Keep in mind, anything that makes it easy to bypass a lost password makes it easy to bypass the password, period. I'd personally feel better having to call a service department, use a customer PIN, and have them send me back a password reset email. At the very least, have a password reset sent to the original e-mail account in question. This is, by far, safer. It requires that you have access to information that only you should have, and that is not part of the login credentials, and you can always opt for resets sent to an account you should have access to.

Types of data mining attacks usually include public wifi attacks, spoof web-sites requiring DNS hacking, and in some cases keystroke loggers installed in public computers, or by viruses in your computer. To make data mining attacks aimed at acquiring your data as difficult as possible, you should always change your password often, keep it complicated, not post your e-mail address, and lock down all your accounts like Facebook, Google+, Twitter, Blizzard, Paypal, etc. with two step login.

You should also avoid unencrypted Wifi hotspots, unless you're using secured POP3 or SMTP email access. If that is not possible, use an e-mail service such as Gmail to act as a secure server to store your email, to allow for safe access to your e-mail without compromising your e-mail accounts and passwords.

As usual, this can't be and isn't a 100% solution, as any hacker with intent to access your data, who is patient enough, will eventually access your data by brute force. If you maintain sufficiently long and complicated passwords and different user names on every web-site, it will significantly slow them down. If you change your password often, this may, in fact, make the chances of breaking into any account so virtually improbable that the attackers may give up unless they resort to hacking of the databases of the web-site, which usually should be encrypted, as per the example of the Sony hack, and many others thereafter.

Now, I'd like to know your opinions on this. Should web-sites allow us to change our login credentials as easily as we change our passwords? You can send your comments, questions, suggestions and / or stories to ask@tqaweekly.com, or visit tqaweekly.com, and fill out our weekly survey directly.

Next week, the beginning of a web development series. I'll be doing one web development episode every other episode, explaining different concepts and technologies we web site designers use to create web-sites. You'll be able to create your own web-site, maintain it, and understand how it all works.

Have a great day, stay safe and online. And, don't forget to subscribe, share and like this episode.

Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions
