Password protection, charge your smartphone and updates to watch for.
Welcome to Cyber Security Today. It’s Monday October 14th, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. Today is Canadian Thanksgiving. Thanks for listening.
How long can it take for a hacker to break a list of stolen passwords? It depends on how well the list is encrypted. I learned that at a security conference last week in Toronto, where British expert Will Hunt said it took him less than two days to crack 90 per cent of a list of 380,000 passwords. This was with a specially built computer that costs $5,000. There were several lessons from this presentation. For all you security experts at companies, this dataset was hashed but not salted. In simple terms, that means it was only protected once rather than twice. So the lesson for professionals is to salt as well as hash lists of user credentials. And make sure the hash, or algorithm, you use is modern and safe.
For consumers, Hunt has advice on how to create safer passwords. First, longer is better. Second, think of passphrases of random words — like “SillyOrphanNancyGolfs”. If that sounds odd, it spells S-O-N-G. That shortcut should be easy to remember. And by the way, you can insert a space between words. That makes the password more complex, as does using capitals. Third, use a password manager. And if you have a sensitive job and may be a target — an executive, a reporter, an accountant — let the password manager select a random jumble you can’t remember that will be really tough to crack. Now, that means you’re relying on one password for protection — the password to the password manager. But Hunt says that’s still good protection. Finally, where you can, sign up for two-factor authentication in addition to a user name and password to protect logins.
The future, we’re told, is paying for everything with your smartphone. That’s because to get a phone you have to prove your identity, including providing a credit card. So in some countries you can buy things in stores by waving your phone at a sensor. But some transactions aren’t so simple. Recently a reporter in Britain was convicted of not providing proof of payment on a bus after using her iPhone and Apple Pay to pay for a ride. In England it’s common for transit riders to have to get a ticket stub to prove they’ve paid. But just as the reporter produced her phone to show the evidence of payment, the battery died. The bus company wouldn’t accept her bank statement as proof she paid. Then she missed a court date and was convicted and fined about $500. And with a conviction she couldn’t get a visa to travel to the U.S. I’m making a long story short, and the conviction was reversed. But companies that believe the world will be their oyster because people can pay for things with a smartphone need to think of everything that can go wrong. And consumers should remember not to leave the house unless their phones are fully charged.
Police in the U.S., Mexico and Italy have arrested 18 people and charged them with stealing money from American bank machines. They had allegedly installed skimmers on a bunch of ATMs, stealing data and making counterfeit credit and debit cards. Then they’d make fraudulent purchases or withdraw money from bank machines.
Do you have iTunes or iCloud for Windows on your PC? Make sure it’s updated to the latest version, which closes a major security bug. If you had and then deleted iTunes or iCloud for Windows, you also need to delete the source of this bug, a piece of those apps called Bonjour. Check the list of installed applications in the Control Panel and then say goodbye to Bonjour.
Finally, if you use the Chrome browser, make sure it’s updated. Google has released fixes for eight vulnerabilities.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.