Ever wonder how passwords get stolen? I like to imagine a team of hackers like The Lone Gunmen from The X-Files, all crowded in some hideout conducting illegal computer business based on tips from rogue FBI Agents.
Turns out there’s a little more to hacking than waiting for Fox Mulder to show up with hints.
Most of the common tactics involve guessing passwords utilizing online and offline techniques to acquire entry. One of the main methods is a dictionary attack.
This method automatically tries everything listed in a small file, the “dictionary,” which is populated with common passwords, like 123456 or qwerty. If your password is something tragically simple, you’re out of luck in a dictionary attack.
To protect yourself, use strong single-use passwords for each individual account. You can keep track of these with a password manager, because no one is expecting you to remember a string of nonsensical numbers, letters, and characters that make up a strong password.
Of course, there are still ways for hackers to figure out even complex passwords.
In a brute force attack, every possible character combination is tried. For example, if the password is required to have at least one uppercase letter and one number, a brute force attack will meet these specifications when generating potential passwords.
Brute force attacks also include the most commonly used alphanumeric combinations, like a dictionary attack. Your best bet against this type of attack is using extra symbols like & or $ if the password allows, or including a variety of variables whenever possible.
Spidering is another online method similar to a dictionary attack. Hackers may target a specific business, and try a series of passwords related to the company. This usually involves using a search “spider” to collate a series of related terms into a custom word list.
While spidering can be devastating if successful, this kind of attack is diverted with strong network security and single-use passwords that don’t tie in easily searchable personal information.
Malware opens up some more fun options for hackers, especially if it features a keylogger, which monitors and records everything you type. With a keylogger, all your accounts could potentially be hacked, leaving you SOL. There are thousands of malware variants, and they can go undetected for a while.
Fortunately, malware is relatively easy to avoid by regularly updating your antivirus and antimalware software. Oh, and don’t click on sketchy links or installation packages containing bundleware. You can also use script blocking tools.
The delightfully named (but in actuality awful) rainbow table method is typically an offline attack where hackers acquire an encrypted list of passwords. The passwords will be hashed, meaning it looks completely different from what you would type to log in.
However, attackers can run plaintext passwords through a hashtag algorithm and compare the results to their file with encrypted passwords. To save time, hackers can use or purchase a “rainbow table”, which is a set of precomputed algorithms with specific values and potential combinations.
The downside here is rainbow tables take up a lot of space, and hackers are limited to the values listed in the table. Although rainbow tables open up a nightmare storm of hacking potential, you can protect yourself by avoiding sites that limit you to very short passwords, or use SHA1 or MD5 as their password algorithms.
There’s also phishing, which isn’t technically hacking, but is one of the more common ways passwords are stolen. In a phishing attempt, a spoof email requiring immediate attention links to a fake login landing page, where users are prompted to input their login credentials.
The credentials are then stolen, sold, used for shady purposes, or an unfortunate combination of all the above. Although spam distribution has greatly increased over the past year, you can protect yourself with spam filters, link checkers, and generally not trusting anything requesting a ton of personal information tied to a threat of your account being shut down.
Last but certainly not least, there’s social engineering. This is a masterpiece of human manipulation, and involves an attacker posing as someone who needs login, or password, building access information. For example, posing as a plumbing company needing access to a secure building, or a tech support team requiring passwords.
This con is avoidable with education and awareness of security protocol company wide. And also you know, not providing sensitive information to anyone who asks. Even if they seem like a very trustworthy electrician, or promise they definitely aren’t Count Olaf.
Moral of the story? Your passwords will never be completely safe, but you can take steps to prevent some avoidable hacking methods.
Always have a single-use password for each account, use a password manager to store complex passwords, update malware, keep your eye out for phishing attempts, and don’t you dare make your password “passoword.”
Google Maps will soon display traffic lights
(TECH NEWS) The addition of traffic light positions to Google Maps promises to boost navigation accuracy. Now you won’t run a light while looking at navigation.
At over 150 million monthly users, Google Maps’ value is not to be understated. With a new feature that shows traffic light positions rolling out to select devices and locations soon, one can expect that trend to continue.
A common issue with navigation via an app–especially when navigating solo–is a lack of precision that can lead to confusion, missed exits, potentially dangerous driving, and, worst of all, spilled coffee. By adding the location of traffic lights, Google Maps will improve both landmark recognition and automated navigation by providing drivers with more accessible information.
It’s worth noting a couple of arguing points, the first of which is the assertion that Google is starting from scratch on this feature. They aren’t. In fact, Japan-based Google Maps users have had access to traffic light positioning for years; Google is simply expanding the feature to include a larger number of cities and population density.
In a similar vein, Google also isn’t the first company to implement an ease-of-access feature such as this. Apple Maps has incorporated traffic light recognition since the release of iOS 13, and while its use is hit-or-miss (my iPhone 11 fails to pick up most traffic lights in my admittedly rural town of residence), the option to have Siri direct users to the nearest traffic light rather than saying “in 213.7 feet, turn left” is helpful.
That said, Apple Maps is a service which sees a little over 20 million monthly users–a far cry from Google Maps’ monthly base. For Google, accuracy and speed of updates will be paramount for a successful, routinely helpful launch.
At the time of this writing, Google plans to release the traffic light feature in New York, San Francisco, and a few other United States cities. The feature will be available on Android devices–sorry for now, Apple users–and will ideally expand to encompass most of the country if the initial release is successful.
It will be interesting to see how comprehensive Google’s coverage is and how quick the company is to adjust positioning of lights as cities do what cities do best. For now, if you have an Android device, keep an eye on your Maps app–good things are coming your way.
How Microsoft plans to upskill millions of workers during COVID-19
(TECH NEWS) Microsoft is providing affordable and accessible resources to upskill workers during the COVID-19 economy.
While the undeniable amount of job loss in the Unites States, thanks to COVID-19, may have lost some steam in the news, there are many people out of work and job searching. As of June 6, 2020, “Total nonfarm payroll employment rose by 4.8 million in June, and the unemployment rate declined to 11.1 percent, the U.S. Bureau of Labor Statistics reported today.”
This means many Americans are quietly pondering their next move. Some are freaking out over what their next place or type of employment will be, while others are taking a minute to pause and re-design their life’s path. Both may be hopeful that their career is aligning with their ultimate goals or ways in which they would prefer to live their life via professional pursuits and family preferences. There may be an optimistic outlook as well if they have been able to score interviews and feel some excitement about new opportunities amongst the angst and uncertainty.
However, as you may likely know, after a job loss, the job seeker has some extra time to think and this can be scary for some. They may catch themselves with extra worry or spinning in the what ifs? What if I don’t have the skills for the jobs in demand? What if I’m too old? What if they are not looking to hire someone with my credentials? What if I am unable to replace my salary?
Let’s look at the data when we cannot get out of our heads. What are jobs that are in demand and will be growing? According to VentureBeat and Microsoft, here are the top 10 jobs that are in demand and likely to grow over the next decade:
- Software developer
- Sales representative
- Project manager
- IT administrator
- Customer service specialist
- Digital marketing specialist
- IT support / help desk
- Data analyst
- Financial analyst
- Graphic designer
In tandem, Microsoft is providing access to “learning paths” and resources for users to develop skills for these jobs, which will be available from today until the end of March 2021, and includes a series of videos to help jobseekers start off on the right foot for each role. Microsoft will also connect more technical roles with other resources and tools, including its bot-powered GitHub Learning Lab where budding coders can practice new skills. And feeding into this, Microsoft said that it will join the dots through to qualifications, by offering “low-cost access” to industry-recognized Microsoft certifications “based on exams that demonstrate proficiency in Microsoft technologies,” Microsoft President Brad Smith said in a separate blog post.”
Venture Beat goes on to say that “Microsoft has announced a slew of new initiatives designed to open up access to new digital skills, including cash grants, providing access to data, affordable certifications for Microsoft products, and a new learning app baked directly into Microsoft Teams.”
Looks like those software developers aren’t going away and you can hate on sales all you want, but those are needed for companies to keep their doors open and sell their products or services.
It seems apparent that the tech giant is looking to make a positive impact and help upskill workers to be able to explore and gain the skills they need to pursue these available and growing job opportunities. They are utilizing the data available within the LinkedIn platform to provide insights on job postings, as well as pledged to support access to learning and non-profit organizations. Microsoft is also making smart moves to grow and expand in an area where they see some major growth opportunities (within the LinkedIn Learning platform and MS Teams). Microsoft CEO mentioned that we have seen a 2-year digital shift in about two months due to COVID-19.
However, this does pose a question – how long will it take for hiring managers to catch up on reviewing resumes of those that had to make a job switch and may not have the previous experience they typically look for when hiring? There is fair room for a discussion that those reviewing resumes will also need to be informed of the career shifts of candidates due to COVID-19 and may need to spend a little bit more time making sure they are not dismissed for looking to make a switch after their upskill experience.
There may also be some questions from employees if they do not feel they resonate with any of those jobs listed as growing over the next decade. We may see a spike in entrepreneurial activity and people setting out to create and design their own work-life harmony – especially if the remote work opportunities are only going to grow exponentially.
Study finds 1,000 phrases that accidentally activate smart speakers
(TECH GADGETS) Don’t worry about accidentally activating your nosy smart speakers… unless, of course, you utter one of these 1,000 innocuous phrases.
It’s safe to say that privacy concerns, especially in today’s digital era, are unquestionably valid. With new video recording technology making it easier to identify people at a glance (whether they like it or not) and concerns that your smart speakers are eavesdropping on you, it may feel like you’re bordering on slightly paranoid around modern technology.
After all, even though there have been cases of smart speakers picking up on intimate conversations, there’s absolutely no risk of them overhearing private things without your consent, right? Even though it’s been documented that these devices — including Cortana, Alexa, Siri, and Google Home — have listened in relationship spats, criminal activity, and even HIPAA-protected data, you’re totally in the clear.
Oh yeah. The thing is, everything that gets broadcast into your smart speaker? There’s a completely random chance that someone back at headquarters may decide to sift through it in order to improve AI learning.
And while most of the time these conversations are totally benign, it doesn’t change the fact that a complete stranger is getting an earful of your private life. In fact, these transmissions? Are actually completely admissible in court, as several murder cases have already demonstrated. Their key evidence was none other than poor Alexa herself.
But wait, wait. These smart speakers can only get your information if you activate them, and that requires you to clearly enunciate their names. Right? Um. Not exactly. Even though you may think that you need to speak crisply into the speaker to activate it, it turns out that these devices are highly sensitive to any suggestion that you might be talking to them. It’s almost like your dog when you even remotely glance at his bag of doggie treats in the corner: one crinkle and Fido comes running, begging for some kibble and ready to serve you.
It’s the same for your smart speakers. As it turns out, there are over a thousand words or phrases that can trigger your device and invite it to start recording your voice. These can range from the perfectly reasonable (Cortana hearing “Montana” and springing to attention) to the downright absurd (Alexa raising her hackles over the words “election” and “unacceptable”). Well, crap. Now what?
It’s no secret that someone is listening in on your conversations. That’s been clearly documented, researched, dissected, and even accepted at this point. However, if you thought that they’d only listen to it if you gave them implicit permission by activating your device (which, to be fair, should not even count as permission in the first place), you were wrong.
So what’s a privacy-loving person to do? Just suck it up and try to choose between the lesser of two evils? On one hand, yes, these smart speakers are super convenient and can make your life easier. On the other?
Well, if you’re a fan of your privacy, then perhaps these devices aren’t meant for you. At this point, you’ve got little recourse. These companies will continue to use your data, and there’s nothing stopping them from spying on you. That is, unless you prevent them from doing it in the first place.
If you want to keep your private conversations private, either unplug your smart speaker when you’re not using it, or don’t get one in the first place. Otherwise, you’ll continue to give your implied consent that you’re totes cool with them butting in on your personal life, and they’ll continue to be equally totes cool with using it without your permission.
Will cash still be king after COVID-19?
Google Maps will soon display traffic lights
Plastic bags are making a comeback, thanks to COVID-19
Scammers are taking advantage of the unemployed
PopCom designs smart vending machines to automate regulated products
HEROES Act could increase unemployment stimulus benefits, add return to work bonus
A closer look at the HEROES act, and who stands to benefit the most
The White House pushes for $450 per week return to work bonus
Managing bipolar disorder and what I wish my employers understood
The Apple Watch isn’t just a way to ignore calls, it could save your life
Anti-surveillance mask – creepy, ingenious, or potentially illegal?
Amy’s Ice Cream founder on Austin’s business risks and rewards #WhyAustin
Turns out a lot of people are in between introverted and extroverted
P. Terry’s founder on the booming economy in Austin #WhyAustin
Ladies and gentlemen, the U.S. National Anthem
Our Great Partners
news neatly in your inbox
Subscribe to our mailing list for news sent straight to your email inbox.
Thank you for subscribing.
Oh boy... Something went wrong.
Opinion Editorials2 weeks ago
What to do when you can’t find your passion and you’re feeling lost
Business News1 week ago
New company beats Amazon with next morning delivery?
Opinion Editorials3 days ago
The truth about unemployment from someone who’s been through it
Tech News2 weeks ago
HEY needs to fix its issues to be the Gmail killer it claims to be
Business News2 weeks ago
International start up turns LinkedIn profiles into resumes
Opinion Editorials1 week ago
Idea: Color-coded face masks as the new social contract to combat COVID-19
Business Marketing2 weeks ago
Stand out with video as part of your resume (but be careful)
Business News2 weeks ago
Google offers ample support for work from home employees