Finding that balance between something tough for


site’s account is hacked, your user name and password are now in the hands of hackers that can try out those “keys” across the Web’s most popular destinations.

Web sites are increasingly demanding more “secure” passwords, requiring users to create passwords at least eight characters in length and that include at least one number and other nonalphabet character. Beware of using seemingly clever techniques to disguise common words. Many commonly available brute-force password cracking tools run through dictionary guesses of common words or phrases, substituting symbols or numbers for common characters (e.g., “@” for “a,” “+” for “t”). For stronger security, experts often advise basing passwords on a phrase, where each letter makes up a letter in an acronym. For example, the phrase “My first Cadillac was a real lemon so I bought a Toyota” becomes “M1stCwarlsIbaT.” (F. Manjoo, “Fix Your Terrible, Insecure Passwords in Five Minutes,” Slate, November 12, 2009.)

Be careful to choose an original phrase that’s known only by you and that’s easy for you to remember. Studies have shown that acronym-based passwords using song lyrics, common quotes, or movie lines are still susceptible to dictionary-style hacks that build passwords from pop-culture references (in one test, two of 144 participants made password phrases from an acronym of the Oscar Mayer wiener jingle). (N. Summers, “Building a Better Password,” Newsweek, October 19, 2009.) Finding that balance between something tough for others to guess yet easy for you to remember will require some thought—but it will make you more secure. Do it now!

Technology Threats (Client and Server Software, Hardware, and Networking)

Malware

Any accessible computing device is a potential target for infiltration by malware. Malware (for malicious software) seeks to compromise a computing system without permission. Client PCs and a firm’s servers are primary targets, but as computing has spread, malware now threatens nearly any connected system running software, including mobile phones, embedded devices, and a firm’s networking equipment.

Some hackers will try to sneak malware onto a system via techniques like phishing. In another high-profile hacking example, infected USB drives were purposely left lying around government offices. Those seemingly abandoned office supplies really contained code that attempted to infiltrate government PCs when inserted by unwitting employees.

Machines are constantly under attack. Microsoft’s Internet Safety Enforcement Team claims that the mean time to infection for an unprotected PC is less than five minutes. (J. Markoff, “A Robot Network Seeks to Enlist Your Computer,” New York Times, October 20, 2008.) Oftentimes malware attempts to compromise weaknesses in software—either bugs, poor design, or poor configuration.

Years ago, most attacks centered on weaknesses in the operating system, but now malware exploits have expanded to other targets, including browsers, plug-ins, and scripting languages used by software. BusinessWeek reports that Adobe has replaced Microsoft as the primary means by which hackers try to infect or take control of PCs. Even trusted Web sites have become a conduit to deliver malware payloads. More than a dozen sites, including those of the New York Times, USA Today, and Nature, were compromised when seemingly honest advertising clients switched on fake ads that exploit Adobe software. (A. Ricadela, “Can Adobe Beat Back the Hackers?” BusinessWeek, November 19, 2009.) Some attacks were delivered through Flash animations that direct computers to sites that scan PCs, installing malware payloads through whatever vulnerabilities are discovered. Others circulated via e-mail through PDF-triggered payloads deployed when a file was loaded via Acrobat Reader. Adobe is a particularly tempting target, as Flash and Acrobat Reader are now installed on nearly every PC, including Mac and Linux machines.

Malware goes by many names. Here are a few of the more common terms you’re likely to encounter. (Portions adapted from G. Perera, “Your Guide to Understanding Malware,” LaptopLom, May 17, 2009.)

Methods of infection are as follows:

Viruses. Programs that infect other software or files. They require an executable (a running program) to spread, attaching to other executables. Viruses can spread via operating systems, programs, or the boot sector or auto-run feature of media such as DVDs or USB drives. Some applications have executable languages (macros) that can also host viruses that run and spread when a file is open.

Worms. Programs that take advantage of security vulnerability to automatically spread, but u...
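Returning to the password guidance earlier in this excerpt: the following added example (not part of the original text) audits candidate passwords the way the passage describes, showing that a password can satisfy the eight-character, number-and-symbol rule and still fall to a dictionary that undoes symbol swaps or knows acronyms of famous lines. The word list, phrase list, and every substitution other than "@" for "a" and "+" for "t" are constructed assumptions.

```python
# Added example: constructed word list and phrase list, not data from the page.
COMMON_WORDS = ["password", "letmein", "football", "sunshine"]
KNOWN_PHRASES = ["to be or not to be that is the question"]  # widely quoted line

# Substitutions that cracking dictionaries undo. "@"->"a" and "+"->"t" are the
# page's examples; the rest are assumed common variants.
UNDO_SUBS = str.maketrans({"@": "a", "+": "t", "0": "o", "1": "l", "3": "e", "$": "s"})


def meets_site_policy(pw):
    """Typical site rule from the text: 8+ chars, a digit, a non-alphanumeric."""
    return (len(pw) >= 8
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def acronym(phrase):
    """First letter of each word, lowercased."""
    return "".join(word[0] for word in phrase.lower().split())


def guessability_findings(pw):
    """Return reasons a dictionary-style guesser would reach this password."""
    findings = []
    # Reverse the symbol swaps, then look for a common word inside the result.
    undone = pw.lower().translate(UNDO_SUBS)
    for word in COMMON_WORDS:
        if word in undone:
            findings.append("disguised common word: " + word)
    # Keep only letters and compare against acronyms of well-known phrases.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    for phrase in KNOWN_PHRASES:
        if acronym(phrase) in letters:
            findings.append("acronym of well-known phrase: " + phrase)
    return findings


if __name__ == "__main__":
    for candidate in ["P@ssw0rd!1", "foo+ball#7", "Tbontbtitq#1", "M1stCwarlsIbaT"]:
        print(candidate, meets_site_policy(candidate), guessability_findings(candidate))
```

The first three candidates pass the site policy yet produce findings; the acronym built from a private, original phrase produces none.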

This document was uploaded on 01/31/2014.
