Beware of Twitter messages promising free cryptocurrency, a drone manufacturers’ website patched and how to make passwords safer.
Welcome to Cyber Security Today. It’s Friday November 9th. To hear the podcast click on the arrow below:
Everyone loves the idea of getting Bitcoin or some cryptocurrency for free. Listen – when someone on the Internet says they’re giving away digital coin for free, it’s a scam. Someone has been hijacking accounts purporting to be billionaire entrepreneur Elon Musk and giving away Bitcoin. The latest attempt used the Twitter account of British film distributor Pathe UK. Security reporter Graham Cluley said another hijacked Twitter account belonging to a British retailer is doing the same thing. First, to make sure you’re not a victim turn on two-step verification of all your accounts – mail accounts, social media accounts, bank accounts. Second, please remember no one gives money away.
Updating the common software you use – Windows, Android, iOS, Microsoft Office – should be second nature by now. But you have to update everything else you have. This came to mind this week with news that Check Point Software found a vulnerability in the user identification system of a website run by a company that makes drones called DJI. Their personal data could have been hacked. So could the data of corporate users of the DJI FlightHub software. That hole has now been plugged in an update. So check the websites regularly of all the apps you use for updates.
By the way, that includes devices, too. A report this week says a new botnet has been discovered that uses a vulnerability in Internet routers. The botnet is believed to have infected around 400,000 devices around the world, including in India, the United States, Canada and China. Regularly check your modem and WiFi router manufacturers’ websites for updates.
Finally, last week while editor Brian Jackson filled in I was at the annual security conference of the Municipal Information Systems Association of Ontario. This is for people who protect the IT systems of towns and cities. One sessions I sat in on was a demonstration by Adam Abernethy, the network security manager for the city of Oshawa, Ont., on hacker tools used to crack hashed passwords. Now, a password that has been hashed is not like one that has been encrypted. An encrypted piece of text is meant to be unencrypted (with approval). A hashed text isn’t supposed to be unscrambled. Nevertheless. Abernethy showed that if a hacker can get hold of a database of hashed passwords they can be quickly cracked if they are too short. The lesson here is all your important passwords should be longer than eight characters. Forget about mixing up letters and numbers. Chose three words to create a phrase whose initials mean something to you so they’re easy to remember. For example chose three unrelated words starting with C, A and T. CAT will trigger your memory for that particular site. Separate each word by a space. Want to be really safe? Google that phrase. If no match is found, that passphrase is good.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon