Ever wonder how passwords get stolen? I like to imagine a team of hackers like The Lone Gunmen from The X-Files, all crowded in some hideout conducting illegal computer business based on tips from rogue FBI Agents.
Turns out there’s a little more to hacking than waiting for Fox Mulder to show up with hints.
Most of the common tactics involve guessing passwords utilizing online and offline techniques to acquire entry. One of the main methods is a dictionary attack.
This method automatically tries everything listed in a small file, the “dictionary,” which is populated with common passwords, like 123456 or qwerty. If your password is something tragically simple, you’re out of luck in a dictionary attack.
To protect yourself, use strong single-use passwords for each individual account. You can keep track of these with a password manager, because no one is expecting you to remember a string of nonsensical numbers, letters, and characters that make up a strong password.
Of course, there are still ways for hackers to figure out even complex passwords.
In a brute force attack, every possible character combination is tried. For example, if the password is required to have at least one uppercase letter and one number, a brute force attack will meet these specifications when generating potential passwords.
Brute force attacks also include the most commonly used alphanumeric combinations, like a dictionary attack. Your best bet against this type of attack is using extra symbols like & or $ if the password allows, or including a variety of variables whenever possible.
Spidering is another online method similar to a dictionary attack. Hackers may target a specific business, and try a series of passwords related to the company. This usually involves using a search “spider” to collate a series of related terms into a custom word list.
While spidering can be devastating if successful, this kind of attack is diverted with strong network security and single-use passwords that don’t tie in easily searchable personal information.
Malware opens up some more fun options for hackers, especially if it features a keylogger, which monitors and records everything you type. With a keylogger, all your accounts could potentially be hacked, leaving you SOL. There are thousands of malware variants, and they can go undetected for a while.
Fortunately, malware is relatively easy to avoid by regularly updating your antivirus and antimalware software. Oh, and don’t click on sketchy links or installation packages containing bundleware. You can also use script blocking tools.
The delightfully named (but in actuality awful) rainbow table method is typically an offline attack where hackers acquire an encrypted list of passwords. The passwords will be hashed, meaning it looks completely different from what you would type to log in.
However, attackers can run plaintext passwords through a hashtag algorithm and compare the results to their file with encrypted passwords. To save time, hackers can use or purchase a “rainbow table”, which is a set of precomputed algorithms with specific values and potential combinations.
The downside here is rainbow tables take up a lot of space, and hackers are limited to the values listed in the table. Although rainbow tables open up a nightmare storm of hacking potential, you can protect yourself by avoiding sites that limit you to very short passwords, or use SHA1 or MD5 as their password algorithms.
There’s also phishing, which isn’t technically hacking, but is one of the more common ways passwords are stolen. In a phishing attempt, a spoof email requiring immediate attention links to a fake login landing page, where users are prompted to input their login credentials.
The credentials are then stolen, sold, used for shady purposes, or an unfortunate combination of all the above. Although spam distribution has greatly increased over the past year, you can protect yourself with spam filters, link checkers, and generally not trusting anything requesting a ton of personal information tied to a threat of your account being shut down.
Last but certainly not least, there’s social engineering. This is a masterpiece of human manipulation, and involves an attacker posing as someone who needs login, or password, building access information. For example, posing as a plumbing company needing access to a secure building, or a tech support team requiring passwords.
This con is avoidable with education and awareness of security protocol company wide. And also you know, not providing sensitive information to anyone who asks. Even if they seem like a very trustworthy electrician, or promise they definitely aren’t Count Olaf.
Moral of the story? Your passwords will never be completely safe, but you can take steps to prevent some avoidable hacking methods.
Always have a single-use password for each account, use a password manager to store complex passwords, update malware, keep your eye out for phishing attempts, and don’t you dare make your password “passoword.”
Google set to release new AI-operated meeting room kit… and it’s pretty baller
(TECH NEWS) Google’s newest toy is designed to “put people first” by alleviating video and audio issues for conference room meetings.
Remote meetings can be the worst sometimes. The awful video and audio quality are frustrating when you’re trying to hear important details for an upcoming project. Even with the fastest internet connection, this doesn’t guarantee you’ll be able to clearly hear or see anyone who’s in the office. But Google is re-imagining conference rooms with their new video conferencing hardware.
Yesterday, the company introduced Google Meet Series One. In partnership with Lenovo, this meeting room kit is made exclusively for Google Meet and is poised to be the hardware that “puts people first.”
The Series One has several components that make it stand out. First is the “Smart Audio Bar,” powered by eight beam-forming microphones. Using Google Edge TPUs, the soundbar can deliver TrueVoice®, the company’s “proprietary, multi-channel noise cancellation technology.” It removes distracting sounds, like annoying finger and foot-tapping noises, so everyone’s voices are crystal clear from anywhere in the room.
The hardware also has 4K smart cameras that allow for high-resolution video and digital PTZ (pan, tilt, zoom) effects. Processed with Google AI, the device knows to automatically zoom in and out so all of the meetings’ participants are framed in the camera. With an i7 processor and Google Edge TPUs, the system is built to “handle the taxing demands of video conferencing along with running the latest in Google AI as efficiently and reliably as possible.”
The meeting kit has Google grade security built-in, so the system automatically updates over-the-air. The system also works seamlessly with Google services and apps we already use. Its touch control display is powered by a single ethernet cable. From the admin controls, you can manage meeting lists and control room settings. Powered by assistant voice commands, their touch controller provides a “touchless touchability”; if you want to, you can join a meeting just by saying, “Hey Google, join the meeting.”
These new meeting kits are easy to install and are versatile. They can be configured to fit small, medium, and large-sized rooms. “Expanding kits for larger rooms can be done with just an ethernet cable and the tappable Mic Pod, which expands microphone reach and allows for mute/unmute control.”
According to the Google Meet Series One introductory video, the meeting room kits are “beautifully and thoughtfully designed to make video meetings approachable and immersive so everyone gets a seat at the table.”
Currently, there is no release date set for Google Meet Series One. However, pre-orders will soon be available in the US, Canada, Finland, France, Norway, Spain, Ireland, United Kingdom, Sweden, Australia, New Zealand, Japan, Netherlands, Denmark, and Belgium.
One creepy way law enforcement might have your private data
(TECH NEWS) Wait, geofences do what? Law enforcement can pull your private data if you’re in the wrong place at the wrong time.
By now, it’s pretty common knowledge that our smartphones are tracking us, but what you might not be aware of is just how much law enforcement is taking advantage of our private data. Now, the good news is that some places have gotten wise to this breach of privacy and are banning certain tactics. The bad news is: If you were ever in the vicinity of a recent crime scene, it’s quite possible your privacy has already been invaded.
How are law enforcement doing this? Well, it starts with a geofence.
At its core, a geofence is a virtual border around a real geographic location. This can serve many purposes, from creating marketing opportunities for targeted ads to tracking shipping packages. In the case of law enforcement, though, geofences are often used in something called a geofence warrant.
Traditionally, warrants identify a subject first, then retrieve their electronic records. A geofence warrant, on the other hand, identifies a time and place and pulls electronic data from that area. If you’re thinking “hey, that sounds sketchy,” you are–forgive the pun–completely warranted.
With a geofence, law enforcement can dig through your private data, not because they have proof you were involved in a crime, but because you happened to be nearby.
This practice, though relatively new, is on the rise: Google reported a 15-fold increase in geofence warrant requests between 2017 and 2018. As well as invading privacy, these warrants have led to false arrests and can be used against peaceful protesters. Not to mention, in many cases, geofence warrants can be extremely easy to acquire. One report in Minnesota found judges signed off on these cases in under 4 minutes.
Thankfully, there have been signs of people pushing back against the use of geofence warrants. In fact, there have been multiple federal court rulings that find the practice in violation of the Fourth Amendment, which protects citizens from “unreasonable searches and seizures,” including your electronic data.
If you’re still worried about your privacy, there are ways to keep your electronic data on lock. For example, turn off your location services when you’re traveling, and avoid connecting to open Wi-Fi networks. You can also work to limit location sharing with apps and websites.
Incoming! Amazon drones will be dropping off packages soon (we hope)
(TECH NEWS) The Federal Aviation Administration has approved Amazon for drone delivery service, but when will the drones actually take flight?
Amazon has finally received the stamp of approval from the Federal Aviation Administration (FAA) to deliver packages by drones. This pivotal step brings the online retailer closer to their promise of delivering packages to customers in 30 minutes or less.
In 2013, during CBS’s “60 Minutes” interview, Amazon CEO and Founder, Jeff Bezos, said drones would be delivering customers’ packages within five years. Although the estimate is a couple of years off, it seems like that day might be right around the corner.
Personally, I’m looking forward to the day when little floating presents are sailing through the sky (Animal Crossing balloons, anyone?). Despite our excitement to see our latest Amazon impulse purchase land on our doorstep, it isn’t going to happen overnight.
The Part 135 Air Carrier Certificate Amazon obtained for its fleet of Prime Air drones will allow the company to use unmanned aircraft systems (UAS) “to carry the property of another for compensation beyond visual line of sight.” Although the FAA certification is allowing Amazon to begin test trials, Bloomberg reports that the retail giant still has “regulatory and technical hurdles” to overcome.
In addition, the FAA has yet to set regulations that will “serve as a framework to expand drone flights over crowds, a building block necessary for deliveries.” Amazon hasn’t said when and where it will start testing the delivery service either.
David Carbon, Amazon Vice President who oversees Prime Air, made this statement: “This certification is an important step forward for Prime Air and indicates the FAA’s confidence in Amazon’s operating and safety procedures for an autonomous drone delivery service that will one day deliver packages to our customers around the world.”
This approval is definitely a step forward, but Amazon has been working on the drone delivery service for years. Early last year, the giant retailer revealed they would start offering one-day shipping. They have followed through on this, at least. And during a Las Vegas Conference in June 2019, they revealed their “fully electric drones that can fly up to 15 miles and deliver packages under five pounds to customers in less than 30 minutes.” But it still doesn’t answer when we can expect to see whizzing drones overhead.
I’m not sure when Amazon will fulfill their last promise. But it is getting closer. What I do know is that I look forward to the Amazon drones taking flight. I can’t wait to place my orders knowing that I will get that last-minute present I ordered just in time.
Opinion Editorials4 days ago
The actual reasons people choose to work at startups
Business Marketing2 weeks ago
Why you must nix MLM experience from your resume
Opinion Editorials2 weeks ago
Online dating is evolving and maybe networking will too
Business News2 weeks ago
Freelancers, rejoice! AB5 modified for the better
Business Finance2 weeks ago
Bitcoins worth $300K recovered from an old zip file
Business Entrepreneur2 weeks ago
Kanception simplifies your project management with nested tasks
Tech News2 weeks ago
Third-party MacBook repair shops will get Apple seal of approval
Business News1 week ago
2020 Black Friday shopping may break the mold