Ever wonder how passwords get stolen? I like to imagine a team of hackers like The Lone Gunmen from The X-Files, all crowded in some hideout conducting illegal computer business based on tips from rogue FBI Agents.
Turns out there’s a little more to hacking than waiting for Fox Mulder to show up with hints.
Most of the common tactics involve guessing passwords utilizing online and offline techniques to acquire entry. One of the main methods is a dictionary attack.
This method automatically tries everything listed in a small file, the “dictionary,” which is populated with common passwords, like 123456 or qwerty. If your password is something tragically simple, you’re out of luck in a dictionary attack.
To protect yourself, use a strong, unique password for each individual account. You can keep track of these with a password manager, because no one is expecting you to remember a string of nonsensical numbers, letters, and characters that make up a strong password.
Of course, there are still ways for hackers to figure out even complex passwords. In a brute force attack, every possible character combination is tried. For example, if the password is required to have at least one uppercase letter and one number, a brute force attack will meet these specifications when generating potential passwords.
Brute force attacks also include the most commonly used alphanumeric combinations, like a dictionary attack. Your best bet against this type of attack is using extra symbols like & or $ if the password allows, or including a variety of character types whenever possible.
Spidering is another online method similar to a dictionary attack. Hackers may target a specific business, and try a series of passwords related to the company. This usually involves using a search “spider” to collate a series of related terms into a custom word list.
While spidering can be devastating if successful, this kind of attack is diverted with strong network security and unique passwords that don’t tie in easily searchable personal information.
Malware opens up some more fun options for hackers, especially if it features a keylogger, which monitors and records everything you type. With a keylogger, all your accounts could potentially be hacked, leaving you SOL. There are thousands of malware variants, and they can go undetected for a while.
Fortunately, malware is relatively easy to avoid by regularly updating your antivirus and antimalware software. Oh, and don’t click on sketchy links or installation packages containing bundleware. You can also use script blocking tools.
The delightfully named (but in actuality awful) rainbow table method is typically an offline attack where hackers acquire a list of stored passwords. The passwords will be hashed, meaning each one looks completely different from what you would type to log in.
However, attackers can run plaintext passwords through a hashing algorithm and compare the results to their file of hashed passwords. To save time, hackers can use or purchase a “rainbow table,” which is a set of precomputed hash values for a specific algorithm and its potential password combinations.
The downside here is that rainbow tables take up a lot of space, and hackers are limited to the values listed in the table. Although rainbow tables open up a nightmare storm of hacking potential, you can protect yourself by avoiding sites that limit you to very short passwords or that use SHA1 or MD5 as their password hashing algorithms.
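To see why unsalted MD5 or SHA1 storage is the weak point, here is an added example (not from the original article) contrasting it with salted, slow hashing. The passwords and function names are constructed for illustration, and a plain lookup dictionary stands in for a real rainbow table, which packs the same precomputation into hash chains to save space.

```python
import hashlib
import hmac
import os

# Constructed sample list; stands in for "the values listed in the table".
COMMON = ["123456", "qwerty", "password", "letmein"]

def md5_hex(password: str) -> str:
    """Unsalted, fast hash: the storage scheme the article says to avoid."""
    return hashlib.md5(password.encode()).hexdigest()

def build_table(candidates):
    """Precompute digest -> password once; reusable against any unsalted dump."""
    return {md5_hex(p): p for p in candidates}

def table_hits(table, stored_hex_digests):
    """Passwords the precomputed table reveals for the stored digests."""
    return [table[d] for d in stored_hex_digests if d in table]

def store_salted(password: str, iterations: int = 600_000) -> dict:
    """Defensive storage: per-user random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_salted(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])

if __name__ == "__main__":
    table = build_table(COMMON)
    # Unsalted: a weak password is found, a long random one is not in the table.
    unsalted_db = [md5_hex("qwerty"), md5_hex("T7#vq!Lr9&zK")]
    print("unsalted hits:", table_hits(table, unsalted_db))
    # Salted: the same weak password yields different digests per user,
    # so no precomputed table can match either of them.
    a, b = store_salted("qwerty"), store_salted("qwerty")
    print("salted digests equal:", a["digest"] == b["digest"])
    print("salted hits:", table_hits(table, [a["digest"].hex(), b["digest"].hex()]))
    print("login still works:", verify_salted("qwerty", a))
```

Salting only defeats precomputation; a weak password can still be guessed one account at a time, which is why the slow key-derivation function and a strong password both matter.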
There’s also phishing, which isn’t technically hacking, but is one of the more common ways passwords are stolen. In a phishing attempt, a spoof email requiring immediate attention links to a fake login landing page, where users are prompted to input their login credentials.
The credentials are then stolen, sold, used for shady purposes, or an unfortunate combination of all the above. Although spam distribution has greatly increased over the past year, you can protect yourself with spam filters, link checkers, and generally not trusting anything requesting a ton of personal information tied to a threat of your account being shut down.
Last but certainly not least, there’s social engineering. This is a masterpiece of human manipulation, and involves an attacker posing as someone who needs login, password, or building access information. For example, posing as a plumbing company needing access to a secure building, or a tech support team requiring passwords.
This con is avoidable with education and awareness of security protocol company-wide. And also, you know, not providing sensitive information to anyone who asks. Even if they seem like a very trustworthy electrician, or promise they definitely aren’t Count Olaf.
Moral of the story? Your passwords will never be completely safe, but you can take steps to prevent some avoidable hacking methods.
Always have a unique password for each account, use a password manager to store complex passwords, update your antimalware software, keep your eye out for phishing attempts, and don’t you dare make your password “password.”
Slack video messaging tool for the ultra lazy (or productive) person
(TECHNOLOGY) Courtesy of a company called Standuply, Slack’s notable lack of video-messaging options is finally addressed.
Slack — the popular chat and workflow app — is still going strong despite its numerous technical shortcomings, one of which is its notable lack of native video or audio chat. If you’re an avid Slack user, you might be interested in Standuply’s solution to this missing feature: video and audio messaging.
While it isn’t quite the Skype-esque experience for which one might hope when booting up Slack, Standuply’s video messages add-on gives you the ability to record and send a video or audio recording to any Slack channel. This makes things like multitasking a breeze; unless you’re a god among mortals, your talking speed is significantly faster than your typing, making video- or audio-messaging a viable productivity move.
The way you’ll record and send the video or audio message is a bit convoluted: using a web browser and a private Slack link, you can record up to five minutes of content, after which point the content is uploaded to YouTube as a private item. You can then use the item’s link to send the video or audio clip to your Slack channel.
While this is a fairly roundabout way of introducing video chat into Slack, the end result is still a visual conversation which is conducive to long-term use.
Sending video and audio messages may feel like an exercise in futility (why use a third-party tool when one could just type?) but the amount of time and energy you can save while simultaneously responding to feedback or beginning your next task adds up.
Similarly, having a video that your team can circle back to instead of requiring them to scroll through until they find your text post on a given topic is better for long-term productivity.
And, if all else falls short, it’s nice to see your remote team’s faces and hear their voices every once in a while—if for no other reason than to reassure yourself that they aren’t figments of your overly caffeinated imagination.
At the time of this writing, the video chat portion of the Slack bot is free; however, subsequent pricing tiers include advanced aspects such as integration with existing services, analytics, and unlimited respondents.
This phishing simulator tests your company’s (lack of) readiness
(TECHNOLOGY) Phishero is a tool which tests your organization’s resistance to phishing attacks. Pro tip: Most companies aren’t ready.
In the wake of any round of cyberattacks, many organizations question whether they’re prepared to defend themselves against things like hacking or other forms of information theft. In reality, the bulk of workplace data thievery comes from a classic trick: phishing.
Phishing is a catch-all phrase for a specific type of information theft which involves emailing. Typically, a phishing email will include a request for sensitive data, such as a password, a copy of a W-4, or an account’s details (e.g., security questions); the email itself will often appear to come from someone within the organization.
Similar approaches include emailing a link which acts as a login page for a familiar site (e.g., Facebook) but actually stores your account information when you sign in.
Luckily, there’s a way for you to test your business’ phishing readiness.
Phishero, a tool designed to test employee resistance to phishing attacks, is a simple solution for any business looking to find any weak links in their cybersecurity.
The tool itself is designed to do four main things: identify potential targets, find a way to design a convincing phishing scheme, implement the phishing attack, and analyze the results.
Once Phishero has a list of your employees, it is able to create an email based on the same web design used for your company’s internal communications. This email is then sent to your selected recipient pool, from which point you’ll be able to monitor who opens the email.
Once you’ve concluded the test, you can use Phishero’s built-in analytics to give you an at-a-glance overview of your organization’s security.
The test results also include specific information such as which employees gave information, what information was given, and pain points in your current cybersecurity setup.
Phishing attacks are incredibly common, and employees – especially those who may not be as generationally skeptical of emails – are the only things standing between your company and catastrophic losses if they occur in your business. While training your employees on proper email protocol out of the gate is a must, Phishero provides an easy way to see how effective your policies actually are.
Could Amazon’s new augmented reality app replace auto mechanics?
(TECHNOLOGY) Augmented reality has been gimmicky at best, but Amazon plans on changing that with their new step forward in auto parts. But could it threaten mechanics’ market share?
During its brief time in the mainstream spotlight, augmented reality (AR) technology has been used to measure objects, disappoint crowdfunding audiences, and catch Pokémon.
However, its most recent iteration (by Amazon) might have you rethinking your last trip to the used auto parts store (and your aforementioned disappointment in AR).
While Amazon has explored augmented reality applications in the past, the uses have generally revolved around projecting things such as furniture representations into rooms.
In theory, a user could select a specific model of furniture and, using their smartphone, see what the room would look like with the piece of furniture in it. Their new augmented reality service plans to extend that same technology to encompass a smaller-scale setting: automobile parts.
The app is still in its early stages of development, and they’ve only recently been granted the patent, but the concept sounds incredibly promising.
To use the app itself, a customer would point their smartphone’s camera at the vehicle’s engine. The app would feasibly start by identifying your vehicle’s model information and displaying different modular points, after which point you would be able to select a type of part and project it onto your vehicle to see how it fits.
Once you found the correct part for your vehicle, Amazon could order the part via the standard Amazon app.
In an age where the combination of YouTube and your dad’s toolbox provides an attractive alternative to paying the local mechanic, having the option to accurately diagnose your problem and have a reliable solution appear is a huge potential step forward (IF and only if you are the type of person that isn’t intimidated by a car engine).
Amazon is used to crushing the competition in traditional fields; however, where automotive augmented reality is concerned, it seems like Amazon may be the first big name to consider. Virtually no companies use augmented reality for in-house repairs, and customer-level AR support is nonexistent, making Amazon the obvious (and only) choice for now.
Augmented reality has been little more than a novelty thus far, and while some of its applications have been more geared toward services than entertainment, arguably none have been essential for more than a limited number of users (even their grocery offering). Amazon’s foray into automotive self-help is a promising step toward mainstream augmented reality which both improves users’ lives and serves a purpose greater than the sum of its parts.
We’ll stick with our trusted mechanics for our nicer cars and feel dubious that Amazon will ever threaten the practice, but for our junkers that just need a new air filter, we’re down for some AR magic.
Our ruling is that this app is pretty cool and could replace auto parts competitors, and perhaps even be used by tinkerers, but it’s unlikely that any amount of AR magic will replace mechanics (I mean, have you had to replace a part in an Audi!? You have to take out the entire engine to get to the transmission, so no thanks).