Ever wonder how passwords get stolen? I like to imagine a team of hackers like The Lone Gunmen from The X-Files, all crowded in some hideout conducting illegal computer business based on tips from rogue FBI Agents.
Turns out there’s a little more to hacking than waiting for Fox Mulder to show up with hints.
Most of the common tactics involve guessing passwords, using online and offline techniques, to gain entry. One of the main methods is a dictionary attack.
This method automatically tries everything listed in a small file, the “dictionary,” which is populated with common passwords, like 123456 or qwerty. If your password is something tragically simple, you’re out of luck in a dictionary attack.
To protect yourself, use a strong, unique password for each individual account. You can keep track of these with a password manager, because no one is expecting you to remember a string of nonsensical numbers, letters, and characters that make up a strong password.
Of course, there are still ways for hackers to figure out even complex passwords.
In a brute force attack, every possible character combination is tried. For example, if the password is required to have at least one uppercase letter and one number, a brute force attack will meet these specifications when generating potential passwords.
Brute force attacks also include the most commonly used alphanumeric combinations, like a dictionary attack. Your best bet against this type of attack is using extra symbols like & or $ if the password allows, or including a variety of character types whenever possible.
Spidering is another online method similar to a dictionary attack. Hackers may target a specific business, and try a series of passwords related to the company. This usually involves using a search “spider” to collate a series of related terms into a custom word list.
While spidering can be devastating if successful, this kind of attack is thwarted by strong network security and unique passwords that don’t incorporate easily searchable personal information.
Malware opens up some more fun options for hackers, especially if it features a keylogger, which monitors and records everything you type. With a keylogger, all your accounts could potentially be hacked, leaving you SOL. There are thousands of malware variants, and they can go undetected for a while.
Fortunately, malware is relatively easy to avoid by regularly updating your antivirus and antimalware software. Oh, and don’t click on sketchy links or installation packages containing bundleware. You can also use script blocking tools.
The delightfully named (but in actuality awful) rainbow table method is typically an offline attack where hackers acquire a list of stored passwords. The passwords will be hashed, meaning they look completely different from what you would type to log in.
However, attackers can run plaintext passwords through a hashing algorithm and compare the results to the hashed passwords in their file. To save time, hackers can use or purchase a “rainbow table”, which is a set of precomputed hash values for specific potential password combinations.
The downside here is rainbow tables take up a lot of space, and hackers are limited to the values listed in the table. Although rainbow tables open up a nightmare storm of hacking potential, you can protect yourself by avoiding sites that limit you to very short passwords, or that use SHA1 or MD5 as their password hashing algorithms.
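To see why the way a site stores passwords matters here, the following is an added example (not part of the original article) comparing unsalted MD5 storage with per-user salted PBKDF2 storage. The word list, function names and iteration count are assumptions chosen for illustration, and a plain precomputed lookup table stands in for a real rainbow table, which compresses the same idea using hash chains.

```python
import hashlib
import hmac
import os

# Constructed sample word list standing in for a "dictionary" of common passwords.
COMMON_PASSWORDS = ["123456", "qwerty", "password", "letmein"]

def md5_hex(password: str) -> str:
    """Unsalted, fast hash: the weak storage scheme the article warns about."""
    return hashlib.md5(password.encode()).hexdigest()

def build_lookup(words):
    """Precompute hash -> password once; it applies to every unsalted MD5 list."""
    return {md5_hex(w): w for w in words}

def store_salted(password: str, iterations: int = 200_000):
    """Hardened storage: random per-user salt plus slow PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify_salted(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def demo():
    lookup = build_lookup(COMMON_PASSWORDS)
    # Two users picked the same weak password.
    weak_a, weak_b = md5_hex("qwerty"), md5_hex("qwerty")
    strong_a, strong_b = store_salted("qwerty"), store_salted("qwerty")
    return {
        "unsalted_identical": weak_a == weak_b,           # same hash for both users
        "unsalted_recovered": lookup.get(weak_a),         # table reverses it at once
        "salted_identical": strong_a[2] == strong_b[2],   # salts make hashes differ
        "salted_in_lookup": strong_a[2].hex() in lookup,  # precomputation is useless
        "login_still_works": verify_salted("qwerty", strong_a),
        "wrong_password_rejected": not verify_salted("123456", strong_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting only defeats precomputation: a weak password stored this way can still be guessed one candidate at a time, which is why the slow hash and a strong password both matter.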
There’s also phishing, which isn’t technically hacking, but is one of the more common ways passwords are stolen. In a phishing attempt, a spoof email requiring immediate attention links to a fake login landing page, where users are prompted to input their login credentials.
The credentials are then stolen, sold, used for shady purposes, or an unfortunate combination of all the above. Although spam distribution has greatly increased over the past year, you can protect yourself with spam filters, link checkers, and generally not trusting anything requesting a ton of personal information tied to a threat of your account being shut down.
Last but certainly not least, there’s social engineering. This is a masterpiece of human manipulation, and involves an attacker posing as someone who needs login, password, or building access information. For example, posing as a plumbing company needing access to a secure building, or a tech support team requiring passwords.
This con is avoidable with company-wide education and awareness of security protocol. And also, you know, not providing sensitive information to anyone who asks. Even if they seem like a very trustworthy electrician, or promise they definitely aren’t Count Olaf.
Moral of the story? Your passwords will never be completely safe, but you can take steps to prevent some avoidable hacking methods.
Always have a unique password for each account, use a password manager to store complex passwords, update your antimalware software, keep your eye out for phishing attempts, and don’t you dare make your password “password.”
Nate app: $38M Series A fintech startup you should keep an eye on
(TECHNOLOGY) The nate app combines the best of social media and shopping into one platform, streamlining the check-out process for hassle-free purchases.
No one likes to hop around from store to store searching aimlessly in aisles for all of their necessary items. That’s why the big guys win, like Walmart, Amazon, and Target – they have all you need in one swoop! Users choosing to shop online feel the same way. Having to reenter payment, billing, and shipping information over and over again becomes a pain – or worse, a deterrent to purchase, resulting in cart abandonment- that’s where the nate app comes in.
Nate combines the best of social media and shopping into one platform.
The well-funded, series A startup utilizes artificial intelligence (AI) to complete purchases seamlessly without all of the fluff a user discovers when checking out at various online retailers. Once a user inputs shipping and payment information into the app during sign-up, nate keeps the data on file for subsequent purchases, virtually eliminating the time-consuming check out process. If a user sees a product they like from an online merchant, they simply have to “share” the item to the nate app, and it will take care of the rest.
Unicorner’s startup analysis states, “In essence, nate is bringing the benefits of shopping on a centralized platform like Amazon to a decentralized shopping ecosystem.”
With a nod to Pinterest and LikeToKnowIt, the platform allows for users to create visual product lists on a personal account that can be shared with followers. If a follower likes an item they see, they can purchase the item in-app in just a click or two.
In contrast to the big wigs of the social media world, the nate app hopes that users will purchase based on true inspiration and not a targeted algorithm suggesting what they should buy. Instead, the app runs its business model on a $1 fee for each transaction which covers the ability to issue virtual cards, protect online privacy, and apply available discounts.
The nate app simplifies gift giving as well. Users are able to select a gift item and enter the recipient’s phone number – if the recipient is a nate app user, it can be shipped directly – otherwise, they will receive a text asking them where to send their new gift! This makes it a perfect choice for the upcoming holidays (yes, 2021 is almost over…whew).
To stay up to date on everything nate, download it now on the App Store.
Facebook deletes developer over ironic browser extension invention
(TECHNOLOGY) Think a muted week for a nipple shadow is bad? Facebook just permabanned this inventor for…helping others to use the platform less.
It must be true that corporations are people because Facebook is pulling some seriously petulant moves.
In a stunt that goes beyond 24hr bans for harmless hyperbole, and chopping away at organic reach (still bitter from my stint in social media management), Facebook straight up permanently banned one of their users for the high crime of…aiming to get people to use the platform a little less.
Developer Louis Barclay came up with Unfollow Everything, an extension that basically instantly deleted your feed without having you unfriend anyone or unlike anything. Rather than have users manually go through and opt out of seeing posts, they’d now opt IN to keeping who they wanted front and center.
In his own words on Slate: “I still remember the feeling of unfollowing everything for the first time. It was near-miraculous. I had lost nothing, since I could still see my favorite friends and groups by going to them directly. But I had gained a staggering amount of control. I was no longer tempted to scroll down an infinite feed of content. The time I spent on Facebook decreased dramatically. Overnight, my Facebook addiction became manageable.”
Since more time spent on Facebook means more ads that you’re exposed to, means more you spend, the add-on started slowly making headway. I myself pretend to be a ranch owner to keep ads as irrelevant to me as possible (though my new addiction to hoof trimming videos is all too real), and Unfollow Everything probably would have been a great find for me if it hadn’t been killed by a cease and desist.
Law firm Perkins Coie, representing the internet giant, let Barclay know in their notice that Unfollow Everything violated the site’s rules on automated collection of user content, and was muscling in on Facebook trademarked IP.
They also added, in what I can only assume was a grade-school narc voice, that the add-on was “encouraging others to break Facebook’s rules.”
Barclay, not having the resources to fight a company with the finances of a small country, promptly ceased and desisted. Practical.
Officially speaking, Facebook might actually have some ground to stand on vis-à-vis its Terms Of Service. The letter and legal team may have been warranted, not that we’ll ever truly know, since who’s taking Facebook to court? But then they followed up with a ‘neener neener’ deletion of Barclay’s 15-year-old account – which was still very much in use.
Look, Facebook is the only way I connect with some of my friends. I don’t take enough pictures to make full use of Instagram, I fully hate Twitter, my Tumblr is inundated with R-rated fanfiction, and any other social media platform I’m happy to admit I’m too haggish and calcified to learn to use. So a complete WIPE of everything there with no notice would be pretty devastating to me. I can only imagine how Barclay felt.
And in light of the fact that the browser extension wasn’t hurting anyone, taking money, or spewing hateful rhetoric, there’s really only one thing to say about Facebook’s actions…they’re petty.
Sure, they may have the legal right to do what they did. It’s just that when you notice every fifth post is an unvetted advertisement, their high ground starts to sink a little. I mean nothing says ‘We’re being totally responsible with user information’ like the number of add ons and user tactics popping up to avoid seeing the unnecessary. This isn’t the first time we’ve seen Facebook put up a fight against losing ad traffic.
We all know all those stores with amazing deals aren’t actually going out of business, or even using their own photos right? Right?
Barclay added in his article, “Facebook’s behavior isn’t just anti-competitive; it’s anti-consumer. We are being locked into platforms by virtue of their undeniable usefulness, and then prevented from making legitimate choices over how we use them—not just through the squashing of tools like Unfollow Everything, but through the highly manipulative designs and features platforms adopt in the first place. The loser here is the user, and the cost is counted in billions of wasted hours spent on Facebook.”
Agreed, Mr. Barclay.
Now I’m off to refresh my feed. Again.
Glowbom: Create a website, using just your voice
(TECH NEWS) Talk about futuristic! This app allows you to create quizzes, surveys, an online store, and even a website in minutes–without typing.
In the past, we’ve discussed things like simplified coding and no-code app creation. Now, a San Francisco startup has taken the process a step further with no-type app creation.
Glowbom is a voice app that allows you to dictate steps to an AI – from adding information all the way to exporting code–in order to create a simple app, survey, or game. While the built-in options for now are limited to four simple categories, the power of the app itself is impressive: By asking the Glowbom AI to complete tasks, one is able to dictate an entire (if small) program.
It’s an impressive idea, and an even more impressive product. Glowbom founder and CEO Jacob Ilin showcases the power of Glowbom in a short demonstration video, and while he only uses it to create a simple survey, the entire process–up to and including the exportation of the API–is accomplished via voice commands.
Furthermore, Glowbom appears to process natural inputs–such as phrases like “Let’s get started”–in the context of an actual command rather than the colloquial disconnect one tends to expect in AI. This means that users won’t need to read a 700-page manual on phrases and buzzwords to use before jumping on board–something the Glowbom user base was probably hoping to avoid anyway.
As of now, the options one can use Glowbom to create include a quiz, a survey, an online store, and a website. It seems reasonable to expect that, as support for the app grows, those categories will expand to comprise a larger library.
Glowbom certainly opens a few doors for people looking to take their businesses or ideas from an offline medium into the digital marketplace. As coding becomes less centralized in computer language and more contingent on processes such as this, we can expect to see more products from folks who may have missed the coding boat.
Perhaps more importantly, Glowbom and products like it make coding more accessible to a wider base of disabled users, thus taking a notable step toward evening the playing field for a marginalized demographic. It’s not true equality, but it’s a start.
This story was first published here in October 2020.