site’s account is hacked, your user name and password are now in the hands of hackers that can try out those “keys” across the Web’s most popular destinations.

Web sites are increasingly demanding more “secure” passwords, requiring users to create passwords at least eight characters in length and that include at least one number and other nonalphabet character. Beware of using seemingly clever techniques to disguise common words. Many commonly available brute-force password cracking tools run through dictionary guesses of common words or phrases, substituting symbols or numbers for common characters (e.g., “@” for “a,” “+” for “t”). For stronger security, experts often advise basing passwords on a phrase, where each letter makes up a letter in an acronym. For example, the phrase “My first Cadillac was a real lemon so I bought a Toyota” becomes “M1stCwarlsIbaT.” (F. Manjoo, “Fix Your Terrible, Insecure Passwords in Five Minutes,” Slate, November 12, 2009.)
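
Added example (not from the original text): a defensive password screen in Python that undoes the symbol substitutions described above before checking a wordlist, showing that a password can satisfy a site's composition rule and still reduce to a dictionary word. The wordlist, the substitution pairs beyond “@” and “+”, the reading of the site rule, and all function names are assumptions made for illustration.

```python
import itertools

# Constructed sample wordlist; a real deployment would load a large breached-password list.
WORDLIST = {"password", "welcome", "tomato", "dragon", "letmein", "sunshine"}

# Symbol -> letters it commonly replaces. "@" for "a" and "+" for "t" come from
# the text above; the remaining pairs are assumed common substitutions.
SUBSTITUTIONS = {"@": "a", "4": "a", "+": "t", "7": "t", "0": "o",
                 "3": "e", "$": "s", "5": "s", "1": "il", "!": "i"}


def meets_site_rule(pw):
    """Assumed reading of the rule above: 8+ chars, a digit, and another non-letter."""
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() for c in pw)
    return len(pw) >= 8 and has_digit and has_symbol


def plain_variants(pw):
    """Yield every reading of pw with substituted symbols mapped back to letters."""
    # Only "1" is ambiguous (i or l), so the number of variants stays small.
    options = [SUBSTITUTIONS.get(c, c) for c in pw.lower()]
    for combo in itertools.product(*options):
        yield "".join(combo)


def dictionary_hits(pw):
    """Return the wordlist entries hidden inside pw after undoing substitutions."""
    found = set()
    for variant in plain_variants(pw):
        found.update(w for w in WORDLIST if w in variant)
    return sorted(found)


def screen(pw):
    """Return (passes_composition_rule, dictionary_words_found)."""
    return meets_site_rule(pw), dictionary_hits(pw)


if __name__ == "__main__":
    # Constructed sample inputs: two disguised words and the acronym from the text.
    for candidate in ["P@ssw0rd!1", "+0m@+0#9", "M1stCwarlsIbaT"]:
        print(candidate, screen(candidate))
```
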
Be careful to choose an original phrase that’s known only by you and that’s easy for you to remember. Studies have shown that acronym-based passwords using song lyrics, common quotes, or movie lines are still susceptible to dictionary-style hacks that build passwords from pop-culture references (in one test, two of 144 participants made password phrases from an acronym of the Oscar Mayer wiener jingle). (N. Summers, “Building a Better Password,” Newsweek, October 19, 2009.) Finding that balance between something tough for others to guess yet easy for you to remember will require some thought—but it will make you more secure. Do it now!

Technology Threats (Client and Server Software, Hardware, and Networking)
Any accessible computing device is a potential target for infiltration by malware. Malware (for malicious software) seeks to compromise a computing system without permission. Client PCs and a firm’s servers are primary targets, but as computing has spread, malware now threatens nearly any connected system running software, including mobile phones, embedded devices, and a firm’s networking equipment.

Some hackers will try to sneak malware onto a system via techniques like phishing. In another high-profile hacking example, infected USB drives were purposely left lying around government offices. Those seemingly abandoned office supplies really contained code that attempted to infiltrate government PCs when inserted by unwitting employees.

Machines are constantly under attack. Microsoft’s Internet Safety Enforcement Team claims that the mean time to infection for an unprotected PC is less than five minutes. (J. Markoff, “A Robot Network Seeks to Enlist Your Computer,” New York Times, October 20, 2008.) Oftentimes malware attempts to compromise weaknesses in software—either bugs, poor design, or poor configuration.

Years ago, most attacks centered on weaknesses in the operating system, but now malware exploits have expanded to other targets, including browsers, plug-ins, and scripting languages used by software. BusinessWeek reports that Adobe has replaced Microsoft as the primary means by which hackers try to infect or take control of PCs. Even trusted Web sites have become a conduit to deliver malware payloads. More than a dozen sites, including those of the New York Times, USA Today, and Nature, were compromised when seemingly honest advertising clients switched on fake ads that exploit Adobe software. (A. Ricadela, “Can Adobe Beat Back the Hackers?” BusinessWeek, November 19, 2009.) Some attacks were delivered through Flash animations that direct computers to sites that scan PCs, installing malware payloads through whatever vulnerabilities are discovered. Others circulated via e-mail through PDF triggered payloads deployed when a file was loaded via Acrobat Reader. Adobe is a particularly tempting target, as Flash and Acrobat Reader are now installed on nearly every PC, including Mac and Linux machines.

Malware goes by many names. Here are a few of the more common terms you’re likely to encounter. (Portions adapted from G. Perera, “Your Guide to Understanding Malware,” LaptopLogic.com, May 17, 2009.)

Methods of infection are as follows:

Viruses. Programs that infect other software or files. They require an executable (a running program) to spread, attaching to other executables. Viruses can spread via operating systems, programs, or the boot sector or auto-run feature of media such as DVDs or USB drives. Some applications have executable languages (macros) that can also host viruses that run and spread when a file is open.

Worms. Programs that take advantage of security vulnerability to automatically spread, but
This document was uploaded on 01/31/2014.