Tag Archives: cybercrime

Supersize Your Passwords

A report by Anthony Mason on the CBS Evening News recently highlighted the latest consumer security concerns about hackers. A “white hat” expert from the security firm Trustwave managed to break Mason’s 7-character password in just 37 seconds. And it wasn’t an obvious one that the machine somehow guessed either, like the supposedly most commonly used one these days, “password1”. No, it was cracked by good old-fashioned number-crunching. The ability to break passwords by sheer brute force, running through every combination there is until the right one is stumbled upon does not depend in the least on how the password was created or what it signifies. The algorithms don’t try to guess meaning or substitutions – they don’t care about your mother’s maiden name, capitalization or whether you used a lower-case “l” or the number “1”, or anything at all other than length. A password, using the standard English alphabet with both upper and lower case letters (like “E” and “e”) plus 0-9 numbers and various punctuation characters, can be made out of roughly 72 or so elements. So for a 7 character-password, that’s over 10 trillion possible combinations; while adding just one character increases it to over 722 trillion. Therefore if it took 37 seconds to break before , now it should take 44 minutes 24 seconds. Hopefully, that will be too much time and trouble, with so many other, easier targets available. So the best strategy is simple: … Continue reading

Posted in News, Security | Tagged , , , | Leave a comment

Recent Exploits Bode Ill for the Future

Every week new intrusive exploits by hackers are found across the Internet. Some unsuspecting new institutional victim is revealed to have been penetrated. Lately most have involved major commercial corporations which had personal data stolen, like the recent assault on health insurance provider Anthem. Three exploits that were announced last week took hacking to a new level. Each is breathtaking in scope, immensely sophisticated, and have apparently been around for quite a while before they were discovered. Each one by itself would merit alarm and concern by all thoughtful users, but taken together they signal scary times ahead for the Internet. One was an attack on the banking industry. Found by Moscow-based Kaspersky Labs, this is said to be the biggest and most sophisticated bank heist ever; over $1 billion dollars were taken from over 100 banks in 30 countries. The banks were scattered from Russia to the US, Germany, China, and Ukraine. And the means of attack varied from creating money out of thin air to reprogramming ATMs to spew forth cash – one doing so in Kiev before a gang-employed mule could pick it up was what apparently brought the heist to the attention of the authorities. The hackers apparently wormed their way in through a phishing attack that lured bank executives to booby-trapped webpages where they were infected. Once the hackers were inside the system, they watched the banks’ activities carefully, and mimicked them to remain undetected. … Continue reading

Posted in News, Security, Warnings | Tagged , , , , , , , , , , , | Leave a comment

Anthem Hack: Don’t Panic, Be Vigilant – Update

UPDATE: As of Friday the thirteenth, there have been few new developments save for much sound and fury. Anthem has announced that members and former members data going back 11 years to 2004 is at risk. And they are offering free credit monitoring and identity theft protection for them. See Anthem Facts for more information. The good news for New Mexicans is that so far it seems that Blue Cross Blue Shield of New Mexico is not directly affected. While local Blue Card members may be at risk (see below), it’s mainly customers in California, Colorado, Connecticut, Georgia, Indiana, Kentucky, Maine, Missouri, Nevada, New Hampshire, New York, Virginia, and Wisconsin that have been impacted. Also directly hit are Anthem’s subsidiaries, Amerigroup, Anthem and Empire Blue Cross Blue Shield companies, Caremore, Unicare and HealthLink. Also, no reports have yet surfaced that this data is being used or sold on the black markets. Further updates will be posted as events warrant.

Posted in News, Warnings | Tagged , , , , , | Leave a comment