Well, if you think you are, you probably aren't. There is no such thing as “secure”; there are only levels of protection. Short of literally unplugging your computer from the Internet and sticking it in a nuclear fallout shelter forever, you cannot assume you're safe at home on your computer. And before you write me off as an alarmist or paranoid, I invite you to check my credentials; the one thing I do best is security. So what's the first step?
Denial
Most people think that because they don't have anything of value on their computer that they are safe. Or more frighteningly, they believe that Norton or McAfee will save them. The fact of the matter is, you have been lulled into a sense of false confidence by your lack of understanding of how hackers work. A hacker doesn't want to destroy your computer; it's too valuable an asset to him.
Hackers look for computers not necessarily so they can steal your information or “blow up” your hard drive. (Yes, I've heard that.) Rather, they want to use your computer as a staging point for whatever they decide to do.
Why is hacking profitable?
Hacking wouldn't be as prevalent as it is today if there wasn't money involved. Little kids in their basements messing around eventually have to grow up. What do they do with their talents? Monetize them. Some choose to use this information to make money by stealing your identity, but the real cash comes in when they are able to extort money from businesses. They do this using your little computer.
They first infect your computer in order to make it an unwilling participant in a network of interconnected computers all with the same virus. Your computer then “phones home” to the master server that the virus was programmed to use. At which point the master server can tell this massive network of infected computers to do something. “Okay,” you're thinking, “so what?” This is where it gets interesting. The hacker will come to a gambling site, or an online store of some kind. He will say something like, “If you don't pay me X number of dollars I will take your website down during Black Friday, or during the Super Bowl” or whatever date is critical for that business's revenue stream. The business either pays the hacker money, or the hacker brings down the business.
When the hacker does this, he uses his master server to talk to all his computer zombies (your computer being part of that army now since you relied on Norton alone to save you). The zombie computers then begin flooding the business's website with trash data to clog their Internet connection so much that it literally kills their Internet connection, taking them offline.
All that mess, because you thought your dusty old computer was of no value, or was protected by simply buying an antivirus program.
Acceptance
Acceptance of this simple fact comes one of two ways: either you listened to me or someone with a similar warning, or you yourself have been a victim of identity theft or had your computer dumped on by a virus. I pray you don't learn the hard way.
What can we do?
You can buy all the software in the world that should make you safe, but if you don't change your habits you're only as safe as your software. And last time I checked, software doesn't read your mind. It doesn't know what should and should not be happening in your computer; only you can know that. It can only guess at what is generally a bad thing, not what truly is.
There are a few things you can do to make yourself that much safer online.
1. Never save your passwords
- Saving your passwords to websites may seem like a way to make your life easier online, but all it really does is give a hacker an easy way to steal your valuable information. Do you really think that your browser is smarter than a trained hacker? Your passwords are stored in such a way that they have to be accessible in plain text. It's like writing your password down on the side of your mailbox. Eventually someone will see it.
- An alternative is using Firefox with a “master password” set. This allows you to at least have your passwords hidden beneath a password that someone must know in order to get at your others. The catch is that you must type this password in every time you restart your browser. Also, if you set a trivial password like the name of your dog, or your birth date, you'll only be as safe as that trivial master password. So make sure the password you choose is at least 8 characters long, has numbers and letters, has some upper and lower case and possibly a symbol thrown in there for good measure. This way the hacker will get bored before he hits pay dirt.
- I know, I know, it's dumb, you're not downloading anything, and you're not going anywhere. Right? WRONG AGAIN! How do you think those flashy images are getting into the email you just opened? Your computer must go to an outside site and actually ask that site for the data. Think that's safe? Sorry, it's not. In fact there was a recent exploit on myspace.com where a hacker bought an advertisement on their website. The advertisement was a carefully crafted image that actually ran a code on the unsuspecting Myspace user's computer, thus infecting them with an undetectable virus. And by opening every email you see with images enabled, you are easily a prime target for hackers. If you must get images, only view images from companies you trust at the very least.
- It's a hassle for visitors, it's this, it's that. You live out in the middle of nowhere. I've heard them all. Fact of the matter is, if someone wants free Internet on your dime, all they need is a laptop and a car. So that narrows it down to, oh, say, 1/3 of the United States. Now, think of all the things you do on your home Internet. You access your bank? Your credit cards? What about your 401k? Your personal instant messages to that special someone? These and everything else you send over your wireless Internet will be sent as clear as day to anyone with a computer and the will to get it.
- Here's how it all works: your computer literally has a radio strapped to it when you use wireless Internet. Similar to a walkie talkie. So imagine going through every bit of info you type into a website (including the address of the sites themselves) and saying all that information over a walkie talkie. Anyone with a walkie talkie will easily hear it and you are trusting anyone in earshot not to use this free information to go out and buy a car or take out a loan on a new boat. Trust me, the technology is proven, it's easy to accomplish, and it can be done on even a device as small as a BlackBerry with WiFi capability.
- Also, make sure you use the WPA standard, not the WEP standard. It's just a matter of using a drop down box to select one or the other in most cases.
- If you don't have a clue how to do any of this, get a geeky friend or relative to help you out. If all else fails, hire a technician. If even that fails (and you enjoy feeling pain), call Best Buy's “Geek Squad” or Circuit City's “Firedog”.
- Firefox has a proven track record of security, in addition Firefox has several powerful addons that make browsing the web easier and safer, and don't require a ton of guesswork and geeky know-how. Internet Explorer is much more difficult to configure for security, and just plain doesn't have the security addons that Firefox does. In addition, more exploits are in the wild for Internet Explorer vs Firefox. The hackers do this because they think that people using Internet Explorer are generally less informed about security or don't care about it. And as we discussed, ignorance is no excuse these days. It's only a way to exploit you.
- Get Firefox
- Get NoScript after you've installed Firefox and have it running
- Get Adblock Plus, when you restart Firefox it will ask what service you'd like to subscribe to (it's all free) click “EasyList (USA)” and click ok. This will block banner ads and other ads on websites. You'll notice the difference when you go to a site like Myspace right away.
- (Advanced Users Only, or get a nerdy relative) Get CSRF Protector
- (Advanced Users Only, or get a nerdy relative) Get CS Lite (And disable third party cookies)
- Once you have all the addons above installed you'll have an invisible safety net that extends MUCH further than even the mighty Norton or McAfee products can provide. And, it's all 100% free. Beat that. Also, it will all work without your input, meaning, once it's all installed, you can forget about it. If you run into a site that causes one of these addons to bring up a warning, just steer clear of that site, or that part of that site. Remember, you have to change your habits to be safe. Simply dismissing the warning boxes that may come up on different sites will defeat the purpose of all this, because the addons are sending up warnings trying to keep you from walking off the cliff. If you ignore that... well... you'll fall off the cliff just the same.
- When you simply close your browser (even Firefox) after being logged into a website, you leave the information that was used to give you access on the computer. This allows you to be exploited by different hackers and scams. Don't become a statistic. When you're done you need to actually click the logout link on the page; this deletes your login information so that it can't be used for foul play. It's easy, it's simple, just do it.
- I don't care if you're in your own home; if you have guests over, you are trusting them with your sensitive information when you leave your password out.
- Always make sure your passwords are 8 or more characters long and make sure they have a few numbers, upper and lower case letters, and possibly a symbol thrown in.
- Bad passwords: “jenny12”, “041083” (your birthday), “ilovespike” (your dog), “abc123” (you're dumb)
- Good passwords: “J3nny!2%243”, “234352Ksj”, “!L0v3sP!ke6334”, “AbC1123.sde234”, or you can go to GRC.com and use the perfect password generator to make passwords. I generally snip off the first 8 characters and use that for things. That way I'm not making up easily guessable passwords, but at least after some practice I can type the random junk in pretty quick.
- OR, if all that sounds like too much work, download the KeePass Portable Password safe for free. It password protects your passwords and can even generate more secure passwords for you to use. (Did I mention it's free?)
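The password rule from the post (8 or more characters, numbers, upper and lower case, optionally a symbol), as an added example that is not part of the original post: it checks the post's own sample passwords against that rule and generates a random compliant one with Python's `secrets` module. The function names are assumptions made for this illustration.

```python
import secrets
import string

MIN_LENGTH = 8  # minimum length given in the post

def missing_requirements(password):
    """Return the rules from the post that this password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    return problems

def has_symbol(password):
    """The post treats a symbol as optional, so it is reported separately."""
    return any(c in string.punctuation for c in password)

def generate_password(length=12):
    """Draw random passwords from the OS CSPRNG until one satisfies the rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate

if __name__ == "__main__":
    # Sample passwords quoted in the post (all published, so never use them).
    samples = ["jenny12", "041083", "ilovespike", "abc123",
               "J3nny!2%243", "234352Ksj", "!L0v3sP!ke6334", "AbC1123.sde234"]
    for pw in samples:
        problems = missing_requirements(pw)
        verdict = "ok" if not problems else "; ".join(problems)
        print("%-16s %-50s symbol=%s" % (pw, verdict, has_symbol(pw)))
    print("generated:", generate_password())
```

Note that “ilovespike” is 10 characters long and still fails: length alone does not satisfy the rule.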