On Monday Google made it a bit easier for people who crave more security over their Google accounts to achieve that goal.
Google launched a tool called My Account that allows users a single location for things like privacy and security settings across all Google products. The tool allows users to see if Google can collect information on devices used to log into users accounts, track a user's location, or search and browsing activity.
For a more secure login a user can turn on two-step verification. Also on the Sign-and-Security page you can see which apps are connected to your Google account. A user can also have an analysis on their current security settings and there is an FAQ page that answers questions like what is done with the information that is collected.
These new settings feature were always available, but not in a one-stop-shop type of situation. This will allow the user an easier birds eye view of their security settings across all types of Google accounts to make sure they are achieving the security they seek.
Thursday, June 4, 2015
Thursday, May 28, 2015
Google looks at security questions with alarming results
It seems like every account you have out on the internet requires some type of personal security question to answer if you don't remember your password or just an extra level security if you need to access an account. These are questions like "What highschool did you attend?", "What is your mother's maiden name?", or "What is the first pet you owned?". These are all good questions, right?
Google recently looked at millions of security questions to see how secure they actually were and realized that we are kidding ourselves when we think our account access is safe at least on this front. Some are easy answers. Some are so hard that even then user that they came from can't remember what they are. In most cases the hacker has 10 tries to get the answer right before they are locked out and in some questions they had up to a 21 percent chance of guessing the right answer based off the questions specificity.
Bottom line is that we can't feel too safe having our line of security defense based on a simple security answer that if not taken seriously can be an easy way in to our precious accounts. One suggestion would be to have a verification SMS text message sent to you for an extra verification level. One day there will be a better way to do this, but until then be sure to update your security questions and definitely make sure you yourself know the answer!
Google recently looked at millions of security questions to see how secure they actually were and realized that we are kidding ourselves when we think our account access is safe at least on this front. Some are easy answers. Some are so hard that even then user that they came from can't remember what they are. In most cases the hacker has 10 tries to get the answer right before they are locked out and in some questions they had up to a 21 percent chance of guessing the right answer based off the questions specificity.
Bottom line is that we can't feel too safe having our line of security defense based on a simple security answer that if not taken seriously can be an easy way in to our precious accounts. One suggestion would be to have a verification SMS text message sent to you for an extra verification level. One day there will be a better way to do this, but until then be sure to update your security questions and definitely make sure you yourself know the answer!
Wednesday, May 20, 2015
Idaho 17 year old DDoS school district web access
Recently a teen from Idaho thought, for some reason, it would be a great idea to pay a third party to organize multiple DDoS attacks upon the local school district causing major web issues for the school.
Not only did the staff have problems getting into their websites, but many students who were taking important yearly test either had their test erased or their scores erased so they needed to take the test again which is just cruel and unusual punishment. The teen was eventually tracked down through some investigation that lead to his IP address being found leading back to him.
It's a crazy time we live in where some kid who can't even live on his own has the know-how and wear-with-all to pull off something like this. He did get caught, but it's pretty brazen of him to pull a thing like this off. Most kids these days don't even need someone else to do this, they can do it themselves most of the time because they have grown up with computers and have somehow picked up programming along the way. Kids just need to get out more and play like we used to when times were more simple and school test were on Scantrons, can't erase those with a DDoS attack!
Not only did the staff have problems getting into their websites, but many students who were taking important yearly test either had their test erased or their scores erased so they needed to take the test again which is just cruel and unusual punishment. The teen was eventually tracked down through some investigation that lead to his IP address being found leading back to him.
It's a crazy time we live in where some kid who can't even live on his own has the know-how and wear-with-all to pull off something like this. He did get caught, but it's pretty brazen of him to pull a thing like this off. Most kids these days don't even need someone else to do this, they can do it themselves most of the time because they have grown up with computers and have somehow picked up programming along the way. Kids just need to get out more and play like we used to when times were more simple and school test were on Scantrons, can't erase those with a DDoS attack!
Saturday, May 16, 2015
Penn State cyberattack exposes nearly 18K usernames and passwords
Over the past 2 years Penn State University's College of Engineering has been the victim of at least 2 substantial cyber attacks. The most recent yielded the cyber attackers 18K usernames and passwords for various people affiliated with the college.
They hired an independent cyber security firm to investigate and they have confirmed that at least one of the attacks came from China. Most of these attacks are from highly organized, skilled, and well funded individuals. The college was first alerted of the attacks by the FBI in 2014.
The article also mentions that many colleges universities are targets of cyber attacks that expose many individuals vital information, sometimes social security numbers and credit card information. It's funny to me that these smart cyber attackers are focusing on college to find lucrative information due to most of the accounts are probably students who are broke from paying for college so they aren't going to receive my in the way of money from them. Other information though from professors may be useful so maybe they are guessing that out of 18K people at least they may yield a 1000+ that are useful. Just goes to show that cyber attacks can happen to anyone or any business at any time. No one is safe 100%.
They hired an independent cyber security firm to investigate and they have confirmed that at least one of the attacks came from China. Most of these attacks are from highly organized, skilled, and well funded individuals. The college was first alerted of the attacks by the FBI in 2014.
The article also mentions that many colleges universities are targets of cyber attacks that expose many individuals vital information, sometimes social security numbers and credit card information. It's funny to me that these smart cyber attackers are focusing on college to find lucrative information due to most of the accounts are probably students who are broke from paying for college so they aren't going to receive my in the way of money from them. Other information though from professors may be useful so maybe they are guessing that out of 18K people at least they may yield a 1000+ that are useful. Just goes to show that cyber attacks can happen to anyone or any business at any time. No one is safe 100%.
Thursday, May 7, 2015
Norton Identify Safe offers free password management
It's always nice when a company offers something for free and Norton is no exception. They offer a free password protection application that not only stores your passwords on your desktop, but also syncs then across Web and mobile as well. This is wonderful if you are out and about and need that password to your bank account, but it's saved on your desktop at home.
Once this particular application was part of Norton's paid security-suite package, but now it is able to be obtained for free as a standalone. This is for Windows only at the moment so Mac folks will need to find a similar, hopefully free, product in their realm.
The software not only manages passwords and logins, but also does data filling for billing and shipping addresses which is a huge life and time saver when you are in a hurry. Aside from this there is a Wallet section that securely stores all of your credit card and bank information.
If you're in need of an all around personal information protector, then this software by Norton is the way to go. The price tag at least screams "Try me!" and if you don't like it your aren't out much. Norton's been around for a long time so there isn't any reason this product shouldn't be a homerun.
Once this particular application was part of Norton's paid security-suite package, but now it is able to be obtained for free as a standalone. This is for Windows only at the moment so Mac folks will need to find a similar, hopefully free, product in their realm.
The software not only manages passwords and logins, but also does data filling for billing and shipping addresses which is a huge life and time saver when you are in a hurry. Aside from this there is a Wallet section that securely stores all of your credit card and bank information.
If you're in need of an all around personal information protector, then this software by Norton is the way to go. The price tag at least screams "Try me!" and if you don't like it your aren't out much. Norton's been around for a long time so there isn't any reason this product shouldn't be a homerun.
Wednesday, April 29, 2015
Google creates new alert tool to help stop phishing attacks
Google has created a new tool that will fight against phishing. It's called the Password Alert Chrome extension. This new extension keeps track of where you enter your Google account password and when it's entered somewhere other than accounts.google.com.
This keeps you from re-using your Google password on other sites and protects you if you've entered your password on a fake Google website. This is called phishing. Phishing is when an individual acts like they are a legit company to try and get your sensitive info. Emails may be sent to you that look legit, maybe from "Google" try to get specific account details.
This is where the Password Alert extension comes into play. It sends you a message that simply lets you know your Gmail password was used on a non-Google page. You should change your password immediately if this happens. Just choose to ignore it if you know you've legitimately used your password on a secure website. Google is constantly impressing me with it's think outside the box ideas and just all of they ways it makes my life easier daily.
This keeps you from re-using your Google password on other sites and protects you if you've entered your password on a fake Google website. This is called phishing. Phishing is when an individual acts like they are a legit company to try and get your sensitive info. Emails may be sent to you that look legit, maybe from "Google" try to get specific account details.
This is where the Password Alert extension comes into play. It sends you a message that simply lets you know your Gmail password was used on a non-Google page. You should change your password immediately if this happens. Just choose to ignore it if you know you've legitimately used your password on a secure website. Google is constantly impressing me with it's think outside the box ideas and just all of they ways it makes my life easier daily.
Saturday, April 25, 2015
US goes on the offensive in combating cyber attacks
This week the US said it will take measures to use cyberattacks to defend outside attacks on our country. With the increasing amount of attacks over the last few years this was going to need to happen and happen soon.
I'm surprised the US didn't take these measures earlier and not just put out fires when they happened, but become proactive in fighting these types of attacks that cost out country and many corporations millions of dollars in losses yearly.
Our major threats like China, Russia, North Korea, and Iran are probably already taking measures to be ready when the US finally comes back at them. It's great that we are arming ourselves and using the great minds working for the government to protect the citizens of this country from any harm to their finances or their well being.
I'm surprised the US didn't take these measures earlier and not just put out fires when they happened, but become proactive in fighting these types of attacks that cost out country and many corporations millions of dollars in losses yearly.
Our major threats like China, Russia, North Korea, and Iran are probably already taking measures to be ready when the US finally comes back at them. It's great that we are arming ourselves and using the great minds working for the government to protect the citizens of this country from any harm to their finances or their well being.
Thursday, April 16, 2015
Target settles with MasterCard over 2013 data breach
This week Target settled a dispute with MasterCard over a 2013 data breach by agreeing to pay $19M to card issuers worldwide that have to cancel accounts, create new accounts, and reissue new cards to customers who were affected.
The person responsible for this huge attack has not been caught yet and had access to 110 million customer records, including 40 million credit card numbers. Target notified card issuers immediately after the attack so customers could get new cards quickly and accounts back to normal.
Visa is in talks with Target for a smaller settlement.
It seems this is happening more and more lately with large multibillion dollar companies with robust IT departments and presumably very good data security measures to combat this. When one hacker or a small group of hackers relatively easily breaks the system and gets access to sensitive information this becomes real to me as a consumer with lots of information in the virtual world and on company servers.
I want to trust that companies are doing all that they can to combat this type of thing, but when you are seemingly getting nipped at weekly, maybe even daily, by those that wish to steal from others instead of working for themselves, it scares me into becoming extra careful when I put my credit card or social into any website. I suppose this is good that my senses are heightened to this so I do take more responsibility and not blindly trust who is on the other end of my transaction.
The person responsible for this huge attack has not been caught yet and had access to 110 million customer records, including 40 million credit card numbers. Target notified card issuers immediately after the attack so customers could get new cards quickly and accounts back to normal.
Visa is in talks with Target for a smaller settlement.
It seems this is happening more and more lately with large multibillion dollar companies with robust IT departments and presumably very good data security measures to combat this. When one hacker or a small group of hackers relatively easily breaks the system and gets access to sensitive information this becomes real to me as a consumer with lots of information in the virtual world and on company servers.
I want to trust that companies are doing all that they can to combat this type of thing, but when you are seemingly getting nipped at weekly, maybe even daily, by those that wish to steal from others instead of working for themselves, it scares me into becoming extra careful when I put my credit card or social into any website. I suppose this is good that my senses are heightened to this so I do take more responsibility and not blindly trust who is on the other end of my transaction.
Tuesday, April 7, 2015
White House Network Breach
Today it was reported that very sophisticated Russian hackers had breached the White House and State Department's computer systems in an attempt to commandeer classified US information, it seems, for the Russian government.
According to a high ranking official the hackers were not successful in getting into the classified systems and the very sensitive information they hold. This is a scary situation when it's seemingly this easy to get into the most powerful man in the free world's home system. If these hackers can do this and make the geniuses that run the government network security areas look like it's their first day on the job, then how does the private sector have much hope.
The same thing seems to be happening from China as well when it comes to trying to get into our country's private computer databases and cherry pick specific information that could damage our economy and bruise our egos. We aren't as safe as we thought we were and without extreme measures to squash these individuals this will continue to happen as it did not long after the first attack. The same hackers were able to roam around for upwards of a month in State Department network systems.
There are good hackers out there that fight every day against foreign hackers and I'm glad they are working for us because we are only heading into a more and more virtual world that will continue to bring security breach attacks on our government and us as individual Americans.
According to a high ranking official the hackers were not successful in getting into the classified systems and the very sensitive information they hold. This is a scary situation when it's seemingly this easy to get into the most powerful man in the free world's home system. If these hackers can do this and make the geniuses that run the government network security areas look like it's their first day on the job, then how does the private sector have much hope.
The same thing seems to be happening from China as well when it comes to trying to get into our country's private computer databases and cherry pick specific information that could damage our economy and bruise our egos. We aren't as safe as we thought we were and without extreme measures to squash these individuals this will continue to happen as it did not long after the first attack. The same hackers were able to roam around for upwards of a month in State Department network systems.
There are good hackers out there that fight every day against foreign hackers and I'm glad they are working for us because we are only heading into a more and more virtual world that will continue to bring security breach attacks on our government and us as individual Americans.
Friday, April 3, 2015
DDoS attack on Github website and online gamers: What is a DDoS attack?
The popular programming and app developing website Github was hit by a DDoS attack recently and the website is still trying to recover from the attack.
A DDoS attack, or Distributed Denial of Service, is making a website or personnal IP address unavailable by overwhelming it with traffic from multiple services. The website believes this was coordinated by individuals in China that don't like some of the customers of Github specifically ones that promote free speech and promoting banned websites in China like the New York Times website.
DDoS attacks are becoming more and more rampant these days. I keep up with online pro gamers who deal with this problem very often. One minute they are streaming for thousands of people and the next they are being hit offline by an attack to their IP address by, most of the time, some pimple faced teenager living in the basement of their parents house.
These are just some of the ways that DDoS attacks are implemented. According to digitalattackmap.com there are four main types of attacks. A TCP connection attack is when all available connections are used up and the system goes down. A volumetric attack involves using up bandwidth and are mainly used to simply cause confusion between the internet and a network. A fragmentation attack is a flood of packets is sent to a network and causes poor performance among other issues. An application attack is used to target a specific area of an application and handicap it with few attacking devices.
Regardless of what type of attack is presented DDoSing, as some would call it, is troublesome and easily accomplished by even an unseasoned hacker. As soon as you find a fix another attack could take place at a different angle. For computer professionals this will continue to be a problem for the foreseeable future.
A DDoS attack, or Distributed Denial of Service, is making a website or personnal IP address unavailable by overwhelming it with traffic from multiple services. The website believes this was coordinated by individuals in China that don't like some of the customers of Github specifically ones that promote free speech and promoting banned websites in China like the New York Times website.
DDoS attacks are becoming more and more rampant these days. I keep up with online pro gamers who deal with this problem very often. One minute they are streaming for thousands of people and the next they are being hit offline by an attack to their IP address by, most of the time, some pimple faced teenager living in the basement of their parents house.
These are just some of the ways that DDoS attacks are implemented. According to digitalattackmap.com there are four main types of attacks. A TCP connection attack is when all available connections are used up and the system goes down. A volumetric attack involves using up bandwidth and are mainly used to simply cause confusion between the internet and a network. A fragmentation attack is a flood of packets is sent to a network and causes poor performance among other issues. An application attack is used to target a specific area of an application and handicap it with few attacking devices.
Regardless of what type of attack is presented DDoSing, as some would call it, is troublesome and easily accomplished by even an unseasoned hacker. As soon as you find a fix another attack could take place at a different angle. For computer professionals this will continue to be a problem for the foreseeable future.
Subscribe to:
Posts (Atom)