Ever wonder how passwords get stolen? I like to imagine a team of hackers like The Lone Gunmen from The X-Files, all crowded in some hideout conducting illegal computer business based on tips from rogue FBI Agents.
Turns out there’s a little more to hacking than waiting for Fox Mulder to show up with hints.
Most of the common tactics involve guessing passwords utilizing online and offline techniques to acquire entry. One of the main methods is a dictionary attack.
This method automatically tries everything listed in a small file, the “dictionary,” which is populated with common passwords, like 123456 or qwerty. If your password is something tragically simple, you’re out of luck in a dictionary attack.
To protect yourself, use strong single-use passwords for each individual account. You can keep track of these with a password manager, because no one is expecting you to remember a string of nonsensical numbers, letters, and characters that make up a strong password.
Of course, there are still ways for hackers to figure out even complex passwords.
In a brute force attack, every possible character combination is tried. For example, if the password is required to have at least one uppercase letter and one number, a brute force attack will meet these specifications when generating potential passwords.
Brute force attacks also include the most commonly used alphanumeric combinations, like a dictionary attack. Your best bet against this type of attack is using extra symbols like & or $ if the password allows, or including a variety of character types whenever possible.
Spidering is another online method similar to a dictionary attack. Hackers may target a specific business, and try a series of passwords related to the company. This usually involves using a search “spider” to collate a series of related terms into a custom word list.
While spidering can be devastating if successful, this kind of attack is diverted with strong network security and single-use passwords that don’t tie in easily searchable personal information.
Malware opens up some more fun options for hackers, especially if it features a keylogger, which monitors and records everything you type. With a keylogger, all your accounts could potentially be hacked, leaving you SOL. There are thousands of malware variants, and they can go undetected for a while.
Fortunately, malware is relatively easy to avoid by regularly updating your antivirus and antimalware software. Oh, and don’t click on sketchy links or installation packages containing bundleware. You can also use script blocking tools.
The delightfully named (but in actuality awful) rainbow table method is typically an offline attack where hackers acquire an encrypted list of passwords. The passwords will be hashed, meaning they look completely different from what you would type to log in.
However, attackers can run plaintext passwords through a hashing algorithm and compare the results to their file with encrypted passwords. To save time, hackers can use or purchase a “rainbow table”, which is a set of precomputed hash values for specific potential combinations.
The downside here is that rainbow tables take up a lot of space, and hackers are limited to the values listed in the table. Although rainbow tables open up a nightmare storm of hacking potential, you can protect yourself by avoiding sites that limit you to very short passwords, or that use SHA1 or MD5 as their password hashing algorithms.
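For site operators, the storage side of the rainbow table problem looks like this. The sketch below is an added example, not code from the original article: it contrasts unsalted MD5, where identical passwords always produce identical digests and so can be precomputed, with a per-user random salt and PBKDF2. The function names, record format, and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def unsalted_md5(password: str) -> str:
    """The weak scheme: one fast hash, no salt, same output for every user."""
    return hashlib.md5(password.encode()).hexdigest()


def store_password(password: str) -> str:
    """Build a 'scheme$iterations$salt$hash' record using a fresh random salt."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iters))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False
    return hmac.compare_digest(dk, expected)


def shared_digests(records: dict) -> list:
    """Audit helper: list groups of users whose stored value is identical."""
    by_value = {}
    for user, value in records.items():
        by_value.setdefault(value, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]


if __name__ == "__main__":
    # Constructed sample accounts; two of them share a password.
    sample = {"alice": "qwerty", "bob": "qwerty", "carol": "123456"}
    weak = {user: unsalted_md5(pw) for user, pw in sample.items()}
    strong = {user: store_password(pw) for user, pw in sample.items()}
    print("identical unsalted digests:", shared_digests(weak))
    print("identical salted records:  ", shared_digests(strong))
    print("login check:", verify_password("qwerty", strong["alice"]))
```

Because every salted record is unique, a precomputed table built for one salt is useless against any other account, and the iteration count makes each individual guess slow.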
There’s also phishing, which isn’t technically hacking, but is one of the more common ways passwords are stolen. In a phishing attempt, a spoof email requiring immediate attention links to a fake login landing page, where users are prompted to input their login credentials.
The credentials are then stolen, sold, used for shady purposes, or an unfortunate combination of all the above. Although spam distribution has greatly increased over the past year, you can protect yourself with spam filters, link checkers, and generally not trusting anything requesting a ton of personal information tied to a threat of your account being shut down.
Last but certainly not least, there’s social engineering. This is a masterpiece of human manipulation, and involves an attacker posing as someone who needs login, password, or building access information. For example, posing as a plumbing company needing access to a secure building, or a tech support team requiring passwords.
This con is avoidable with education and awareness of security protocol company wide. And also, you know, not providing sensitive information to anyone who asks. Even if they seem like a very trustworthy electrician, or promise they definitely aren’t Count Olaf.
Moral of the story? Your passwords will never be completely safe, but you can take steps to prevent some avoidable hacking methods.
Always have a single-use password for each account, use a password manager to store complex passwords, update your antimalware software, keep your eye out for phishing attempts, and don’t you dare make your password “passoword.”
Airbnb has blocked 50K+ bookings for being too big during COVID-19
(NEWS) Airbnb has cancelled a huge number of reservations as a security precaution during COVID-19 in the past year or so.
In the last year or so, Airbnb has purposefully prevented at least 50,000 people from making irresponsible reservations on their properties, in many cases blocking those people from the platform itself. This prevention, at least in theory, helped cut down on the number of COVID parties during the pandemic.
According to The Verge, Airbnb’s head of trust and safety communication, Ben Breit, acknowledged blocked reservations in several cities across the United States, including Dallas, San Diego, and New Orleans. Breit confirmed that this response was an attempt to prevent large gatherings and parties during the height of the COVID-19 pandemic during which many areas banned group activities involving more than a few people.
While some requests for reservations were simply denied or “redirected”, many users were blocked from using Airbnb entirely. Airbnb noted that the number of blocked requests outpaced the number of people who were blocked, signifying that some accounts attempted to make more than one reservation before being removed from the platform.
Airbnb reportedly stated that “Instituting a global ban on parties and events is in the best interest of public health” prior to enacting a total ban on rentals at the beginning of 2020, a decision that gave way to the blocks and redirections in the last 12 months.
The evaluation system used to flag problematic reservations is relatively simple, according to Breit: “If you are under the age of 25 and you don’t have a history of positive reviews, we will not allow you to book an entire home listing local to where you live.”
But Airbnb didn’t entirely remove multiple-body listings or large rentals. The Verge reports that flagged users with the aforementioned criteria were still able to book both small rentals in local locations and larger rentals in reasonably distant locations.
Regardless of the optics here, Airbnb’s policy efficacy can’t be ignored. Multiple cities reported comparatively “quiet” holiday seasons–something that may contribute to Airbnb’s decision to extend their policy through the end of this summer.
The hosting company is also offering increased security measures, such as noise detection and a 24-hour hotline, at a discounted rate to property owners.
As both the vaccine gap and the proliferation of the Delta variant of COVID-19 continue to contribute to outbreaks, one can reasonably expect Airbnb to hold to this policy.
TL;DV summarizes video meetings so folks can catch up quickly *with* context
(TECHNOLOGY) TL;DV makes catching up on video team meetings slightly more tolerable and easily digestible.
2021 was the year of virtual meetings, and while there are some perks associated with remote collaboration (I’m looking at you, pair of work pants that I didn’t have to wear once this year), these meetings often feel exponentially more arduous than their dressed-up counterparts. TL;DV, a consolidation app for Google Meet, looks to give back a bit of your time.
TL;DV (an acronym for “Too Long; Didn’t View”) is a Google Chrome recording extension that helps users specify important sections of meetings for anyone who needs to view them asynchronously. Users can tag specific segments in Google Meet sessions, transcribe audio, and leave notes above tagged sections for timestamp purposes, and the subsequent file can be shared via a host of both Google and third-party apps.
While the extension is only available for Google Meet at the time of writing, the TL;DV team has included a link to a survey for Zoom and MS Teams users on their site, thus implying that the team is looking into expanding into those platforms in the future.
The mission behind TL;DV is, according to the website, to empower users to “control how we spend our precious time” in the interest of combatting FOMO and meeting fatigue. By dramatically shortening the amount of time one must spend perusing a meeting recording, they seem well on their way to doing so.
Of course, the issue of human oversight remains. It seems likely that meeting facilitators will drop the ball here and there while tagging sections of the recording, and employees who miss crucial information in a recorded session are sure to be frustrated in the process–just not as frustrated as they might be if they attended the entire meeting live.
The current (free) version of TL;DV is in Beta, so users will have a three-hour cap on their videos. The development team promises a professional version by the end of 2021, with the added bonus of leaving prior recordings available for free for anyone who used the Beta. This is certainly an extension to keep an eye on–whether or not you’re remaining remote in 2022, virtual conferencing is no doubt here to stay.
Hiding from facial recognition is a booming business
(TECH NEWS) ‘Cloaking’ is the new way to hide your face. Companies are making big money designing cloaking apps that thwart your features by adding a layer of makeup, clothing, blurring, and even transforming you into your favorite celebrity.
Facial recognition companies and those who seek to thwart them are currently locked in a grand game of cat and mouse. Though it’s been relentlessly pursued by police, politicians, and technocrats alike, the increasing use of facial recognition technology in public spaces, workplaces, and housing complexes remains a widely unpopular phenomenon.
So it’s no surprise that there is big money to be made in the field of “cloaking,” or dodging facial recognition tech – particularly during COVID times while facial coverings are, literally, in fashion.
Take Fawkes, a cloaking app designed by researchers at the University of Chicago. It is named for Guy Fawkes, the 17th century English revolutionary whose likeness was popularized as a symbol of anonymity and solidarity in V For Vendetta.
Fawkes works by subtly overlaying a celebrity’s facial information over your selfies at the pixel level. To your friends, the changes will go completely unnoticed, but to an artificial intelligence trying to identify your face, you’d theoretically look just like Beyonce.
Fawkes isn’t available to the general public yet, but if you’re looking for strategies to fly under the radar of facial recognition, don’t fret; it is just one example of the ways in which cloaking has entered the mainstream.
Other forms of cloaking have emerged in the forms of TikTok makeup trends, clothes that confuse recognition algorithms, tools that automatically blur identifying features on the face, and much more. Since effective facial recognition relies on having as much information about human faces as possible, cloaking enthusiasts like Ben Zhao, Professor of computer science at the University of Chicago and co-developer of Fawkes, hope to make facial recognition less effective against the rest of the population too. In an interview with The New York Times, Zhao asserts, “our [team’s] goal is to make Clearview [AI] go away.”
For the uninitiated, Clearview AI is a start-up that recently became infamous for scraping billions of public photos from the internet and privately using them to build the database for a law enforcement facial recognition tool.
The CEO of Clearview, Hoan Ton-That, claimed that the tool would only be improved by these workarounds and that in the long run, cloaking is futile. If that sounds like supervillain talk, you might see why he’s earned himself a reputation similar to the likes of Martin Shkreli or Ajit Pai with his company’s uniquely aggressive approach to data harvesting.
It all feels like the beginning of a cyberpunk western: a story of man vs. machine. The deck is stacked, the rules are undecided, and the world is watching. But so far, you can rest assured that no algorithm has completely outsmarted our own eyeballs… yet.