Posts tagged "Passwords"

Perfect online privacy?

March 23rd, 2018 Posted by News

True internet privacy could finally become possible thanks to a new tool that can, for instance, let you prove you’re over 18 without revealing your date of birth, or prove you have enough money in the bank for a financial transaction without revealing your balance or other details. That limits the risk of a privacy breach or identity theft.

The tool is an emerging cryptographic protocol called a zero-knowledge proof. Though researchers have worked on it for decades, interest has exploded in the past year, thanks in part to the growing obsession with cryptocurrencies, most of which aren’t private.

Zero Knowledge Protocol (or Zero Knowledge Password Proof, ZKP) is a way of doing authentication where no passwords are exchanged, which means they cannot be stolen. This is cool because it makes your communication so secure and protected that nobody else can find out what you’re communicating about or what files you are sharing with each other.

ZKP allows you to prove that you know some secret (or many secrets) to somebody at the other “end” of communication without actually revealing it. The very term “zero knowledge” originates from the fact that no (“zero”) information about the secret is revealed, but the second party (called “Verifier”) is (rightfully) convinced that the first party (called “Prover”) knows the secret in question. Why would you need to prove you know the secret without telling it? When you don’t trust the other person, but still need to persuade them that you know it.
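The Prover/Verifier exchange described above can be made concrete with the Schnorr identification protocol, a classic proof of knowledge of a secret exponent that is zero-knowledge against a Verifier who picks challenges honestly. This Python code is an added example, not part of the original article, which names no specific protocol; the toy group (P, Q, G), the password-to-exponent derivation and all function and class names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group constructed for this example: P = 2*Q + 1 with P and Q prime,
# and G = 4 generating the subgroup of order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4

def secret_from_password(password: str) -> int:
    """Assumed derivation: hash the password to an exponent in [1, Q-1]."""
    digest = hashlib.sha256(password.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def register(password: str) -> int:
    """Enrolment: the Verifier stores only y = G^x mod P, never the password."""
    return pow(G, secret_from_password(password), P)

class Prover:
    def __init__(self, password: str):
        self.x = secret_from_password(password)

    def commit(self) -> int:
        self.r = secrets.randbelow(Q - 1) + 1   # fresh nonce every round
        return pow(G, self.r, P)                # t = G^r mod P

    def respond(self, c: int) -> int:
        return (self.r + c * self.x) % Q        # s = r + c*x; r masks x

class Verifier:
    def __init__(self, y: int):
        self.y = y

    def challenge(self) -> int:
        self.c = secrets.randbelow(Q - 1) + 1   # unpredictable, non-zero
        return self.c

    def check(self, t: int, s: int) -> bool:
        # An honest response satisfies G^s == t * y^c (mod P).
        return pow(G, s, P) == (t * pow(self.y, self.c, P)) % P

def authenticate(prover: Prover, verifier: Verifier, rounds: int = 5) -> bool:
    """Run commit/challenge/response rounds; only (t, c, s) cross the wire."""
    for _ in range(rounds):
        t = prover.commit()
        c = verifier.challenge()
        if not verifier.check(t, prover.respond(c)):
            return False
    return True
```

Because y is derived from the password alone, anyone who obtains the stored y can test password guesses offline, so production password protocols such as SRP and OPAQUE salt and harden the derivation.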

Much of the credit for a practical zero-knowledge proof goes to Zcash, a digital currency that launched in late 2016. Zcash’s developers used a method called a zk-SNARK (for “zero-knowledge succinct non-interactive argument of knowledge”) to give users the power to transact anonymously.

That’s not normally possible in Bitcoin and most other public blockchain systems, in which transactions are visible to everyone. Though these transactions are theoretically anonymous, they can be combined with other data to track and even identify users. Vitalik Buterin, creator of Ethereum, the world’s second-most-popular blockchain network, has described zk-SNARKs as an “absolutely game-changing technology.”

For banks, this could be a way to use blockchains in payment systems without sacrificing their clients’ privacy. Last year, JPMorgan Chase added zk-SNARKs to its own blockchain-based payment system.

For all their promise, though, zk-SNARKs are computation-heavy and slow. They also require a so-called “trusted setup,” creating a cryptographic key that could compromise the whole system if it fell into the wrong hands. But researchers are looking at alternatives that deploy zero-knowledge proofs more efficiently and don’t require such a key. 

Four ways to avoid being a victim of Russian cyberwarfare

January 22nd, 2018 Posted by News

Russian cyberwarfare is the new threat to the nation, according to Nick Carter, the head of the British army, which means that the new frontline is, well, you. So it’s now more than just simple self-care to be smart about your online security – it’s your patriotic duty.

Update your devices – and upgrade the ones you can’t

Some of the most damaging cyber-attacks in recent years haven’t come through elite hackers crafting one-of-a-kind viruses to break into secure government devices, but from exploiting the old and out-of-date hardware that normal people use every day.

Take the Mirai botnet: a swarm of millions of hacked devices, it was used to overload servers by bombarding them with traffic requests. But the basic elements of the botnet were simple, cheap, “internet of things” devices such as security cameras or smart lightbulbs, which had glaring security flaws that no one ever bothered to fix.

Don’t be a John Podesta

“Fancy Bear” is the organisation behind the hacking of Hillary Clinton’s campaign chairman, John Podesta. He fell prey to a phishing campaign, well-executed but simplistic, that allowed the attackers to download – and leak – every email he had sent or received.

At its heart, the hack used a fake warning from Google, asking Podesta to click a link and log in to respond to a security alert. After an aide mistakenly told him the link looked legitimate (he meant to type “illegitimate”), he did – but the link didn’t go to Google, and so he ended up sharing his username and password with the attackers.

The easy-to-say, hard-to-do advice is “always make sure links are from who they say they are”. A more useful recommendation may be to join the 10% who have “two-factor authentication” turned on for their email.

Avoid paying the ransom

The WannaCry ransomware attack has been credibly linked to North Korea, which has apparently been stepping up its use of cybercrime as a method of fundraising – a technological improvement from recent history, when the nation was one of the largest forgers of US currency.

Keeping a backup of your critical data is a good idea anyway (who knows when a stray cup of coffee will fry your treasured photos?), but it is twice as useful if you can avoid paying a bitcoin ransom to a pariah state.

Think twice before retweeting and sharing

According to new figures from Twitter, more than 50,000 accounts on the site were created for the express purpose of spreading Russian misinformation during the US election. Of course, the point of the misinformation accounts was to blend in with conventional US political activists, so … maybe just log off altogether?

Thanks to Alex Hern at The Guardian for this article.

What to do if your business Social Media account is hacked

August 16th, 2017 Posted by Uncategorized

Even if you’re embarrassed, it’s important to let people know that you’ve been hacked – and most importantly, set up your accounts and educate staff to avoid it happening again.

If a business’s social media accounts are hacked, it can be hugely detrimental to its reputation and relationship with the public.

Here, security experts and social media professionals share advice on how to handle a hack and restore your company’s image.

Change passwords on all accounts

First, determine whether you’re still able to log into the hacked account.

“If you can log in, change the passwords on all your social media accounts – not just the ones that have been hacked,” advises Romain Ouzeau, chief executive of Iconosquare, an Instagram analytics company. “As some social media platforms offer the ability to log in via other sites and services [Tweetdeck, for example], you may be compromised on additional networks.”

As a general rule, Rob Brown, vice president of the Chartered Institute of Public Relations (CIPR), advocates the use of a different password for each social media platform. “Update passwords every two months, choosing longer passwords that contain different characters, and use two-step verification if a social media service offers it,” he says.

If you’re not able to log in, head straight to the social media company’s contact pages and tell the relevant team that you’ve been hacked.

Clean up the mess

If you’ve been hacked, there’s a chance that communications will have been sent from your account by the offender.

“If this happens, take a screen grab of the content before removing it,” says Lee Campbell, cyber computing lecturer at the University of Gloucestershire. “Then report the breach to the social media provider.

“If the compromised social media account includes content of a threatening, or abusive nature, report it to the police via Action Fraud, the UK’s national fraud and cyber crime reporting centre.”

Communicate and take control

Even if you’re embarrassed, it’s important to let people know that you’ve been hacked.

“Post an update from the reclaimed hacked account, stating what has happened and that unauthorised changes and/or communications may have occurred,” says Blaise Grimes-Viort, chief services officer for social media business, The Social Element.

“If any private or direct messages have been sent, contact those who received them directly to tell them what happened and that they shouldn’t click on any of the links that were sent.”

It’s also worth checking to see which third-party apps (auto post tools, for example) are connected to your social media profile. Review the list and delete any that you no longer use. If you keep seeing unwanted content posted through your account, you may want to revoke access for all third-party apps.

Prevention is the best plan

“If you have a response plan in place before an attack happens it means there are clear actions for employees to take – this helps members of staff act quickly and can help with damage limitation,” recommends Microcomms in-house Cyber Security expert Richard Howard.

“The majority of cyber attacks are caused by human error – deliberate or not – so employee training and communication is vital and should also cover advice on spotting suspicious activity, such as phishing emails.”

There are also some simple things that you, as a business owner, can do to improve security across your network. Use the latest antivirus software, run frequent scans for malware (malicious software) and perform a regular off-site backup of your systems.

You can manually adjust the settings on your [social media] account profile pages, restricting who can see your posts, photos and user profile. Also, tighten access to your mobile devices by setting a pin number of at least six digits on each.

Microcomms carry out cyber security health checks, staff training and will provide advice and recommendations to keep your business well protected from attack.

Router hack risks

June 26th, 2017 Posted by News

A weakness that left thousands of Virgin Media routers vulnerable to attack also affects devices by other providers, security experts suggest.

Virgin Media’s Super Hub 2 was criticised for using short default passwords that could easily be cracked by attackers.

But experts raised concerns that older routers provided by BT, Sky, TalkTalk and others were also at risk.

They recommend users change their router password from the default.

“It’s a bit unfair that Virgin Media has been singled out here. They made a mistake – but so have many other internet service providers,” said Ken Munro from security firm Pen Test Partners.

“This problem has been known about for years, yet still ISPs [internet service providers] issue routers with weak passwords and consumers don’t know that they should change them.”

The weakness in Virgin Media’s Super Hub 2 was highlighted in an investigation by consumer group Which?

The company has since advised customers using default network and router passwords to update them immediately.

However, a BT spokeswoman told the BBC: “We are not impacted by the hub issues affecting Virgin Media.”

What makes a router vulnerable?

Many routers are sent to customers with a default wi-fi password already set up.

Some use a long password with a mixture of upper and lower-case letters, numbers and sometimes symbols.

But others use short passwords with a limited selection of characters, and many follow a pattern that can be identified by attackers.

The Virgin Media Super Hub 2 used passwords that were just eight characters long, and used only lower-case letters.

That gives cyber-criminals a framework to help them crack passwords quickly, using a dedicated computer.


“Because the default wi-fi password formats are known, it’s not difficult to crack them,” said Mr Munro.

Once an attacker has access to your wi-fi network, they can seek out further vulnerabilities.

[Image: Virgin Media router. Caption: Default passwords that follow patterns are easier to crack]

Mr Munro said the problem was well-known, but the Which? investigation had reignited discussion.

“It has popped up again because attention has been drawn to the fact that very few people change their wi-fi password from the one written on the router,” he told the BBC.

Experts recommend that people change the default wi-fi password and router’s admin password, using long and complex passwords to make life more difficult for attackers.

Happy New Year! Tech resolutions for 2017

January 3rd, 2017 Posted by Tech Talk

Most New Year resolutions are based around promises to eat less, exercise more, cut down alcohol, be nicer etc…but what about making some tech resolutions to make your life better too?

Unsubscribe from Junk Mail

If you’re anything like us, you spend a chunk of time every day deleting junk email from your inbox. Maybe they’re newsletters you signed up for but no longer read, maybe it’s a steady flow of deal promotions from shops where you’ve shopped. Whatever the case, they’re clogging up your inbox and wasting your time. So here’s the plan: Every day, unsubscribe from five lists (not including, ahem, Microcomms, of course). That’s it, just five. Assuming you can easily find the “unsubscribe” link, which is almost always included in tiny print near the bottom of the email, the process should take no more than 30 seconds per message.

Set up automated back-ups

It’s never been easier to archive your data. External hard drives and flash drives continue to grow in capacity and shrink in price, so the financial burden is less. Same goes for cloud storage, which makes data preservation an automated, set-it-and-forget-it affair. We can help you set your back-up system up and advise about which solution is best for you – just get in touch!

Install a password manager

For your own sanity and security, install a password manager and change all of your passwords so every single one is different, and every single one is long and hard to crack. There are plenty of good choices available, many free of charge – LastPass 4.0, LogMeOnce and Dashlane 4 all come highly recommended.

Update all your Apps and Operating System

Updates don’t just appear for the fun of it. Although they might seem annoying, an update will normally bring a fix for a bug or make the app itself faster, and sometimes it will even introduce new features, so they are worth doing and staying on top of – don’t ignore them.

Spend less time on Social Media

A recent study has found that social media increases levels of envy and jealousy. “Millions of hours are spent on Facebook each day,” wrote report author Morten Tromholt. “We are surely better connected now than ever before, but is this new connectedness doing any good to our well-being?” In the test, the Facebook users rated their life satisfaction at 7.74 out of 10 average, but those who stayed away rated it at 8.11.

You don’t have to quit completely, but maybe cut down the amount of time you spend on social media every day – perhaps limit yourself to one or two checks a day.

Here’s to a great 2017!

Keep new devices safe and secure – iPad

November 25th, 2016 Posted by Uncategorized

The iPad is one of the safest computing devices you can use. Its combination of hardware and software security translates to a device that’s probably more secure than your PC or Mac—especially if you take the right steps to secure it. The biggest security risk is physically losing the device. Thus, the first step is to make sure your tablet’s data is safe in case it’s lost or stolen.

Here are some tips to keep your data away from the wrong hands:

– All iPads ship with powerful hardware encryption built-in, but you need to enable it. The simplest way to do that is to set a passcode on your iPad: As soon as you do, your data will be automatically encrypted. To enable a passcode, go to Settings -> General -> Passcode Lock and then enter a four-digit code twice. If you’d like to be extra-safe, you can turn the Simple Passcode option on that same page off; you can then use longer codes.

– It’s pointless having a strong passcode if your messages and alerts are visible or you can use Siri, Control Center and Passbook without unlocking your phone. Go to Settings > Touch ID & Passcode and turn off the options under ‘Allow access when locked’. Turn off access to Control Centre under Settings > Control Centre. Messages and notifications can be turned off under Settings > Notifications.

– Learn to say “No” to any app that asks for location access on your iPad. This feature not only uses your private information but also drains the battery and processor on your iOS devices. To control it, go to Settings → Privacy → Location Services and manage all settings.

– Apple’s newest devices (iPad Air 2 and iPad Mini 3) feature Touch ID, which scans your fingerprint to unlock it. To enable Touch ID, tap Settings > Touch ID & Passcode and register your fingerprint.

– Turn on Apple’s two-step verification for your Apple ID account to stop unauthorized access – it requires a code along with your password when signing into iCloud, iMessage and FaceTime and before making purchases via iTunes. This code is texted to your phone.

– Apple delivers regular updates to its mobile operating system that include security fixes. Set your device to download and install updates when they’re available by tapping Settings > iTunes & App Store and under ‘Automatic Downloads’ toggle the switch next to ‘Updates’ to ‘On’.