Social Media « IT Security Geeks

The Times They Are A Changing….

There’s been a lot going on over at ITSG over the past few months and we’re almost ready to share it with everyone.
Keep an eye on the blog as we’ll be posting all updates and news on here over the upcoming weeks.
Stay safe out there people.


Personal Risk

The concept of risk has been an important one for me to consider in this industry. It is important to think of risk not just as “a thing that could happen” but as how likely said thing is to actually happen. We all do this subconsciously on a daily basis; if this weren’t the case then we would be perpetually paranoid and terrified about sudden tectonic shift or meteor strikes. In reality we are blasé about these dangers since we understand that the actual risk of such an event happening is tiny. The fact that we are largely powerless to do anything about such events may also play a part in this carefree attitude.

But what about the things we can control? Most of us are smart enough to look each way before crossing a road as we understand that not checking for cars will greatly increase the risk of being hit. Automobiles are a technology that we have long grown accustomed to and few are blasé about the dangers and consequences of high speed collisions. Smartphones, on the other hand, have been around for a fair few years now and it seems that most people still don’t think to check whether or not their phone’s settings are causing any photos or videos they may take to be automatically uploaded onto a “cloud” storage server. Once that happens, once potentially deeply personal files exist on two systems as opposed to one, then the risk of them being stolen by malicious hackers effectively just doubled.

When discussing the matter of personal security with peers in a social setting I have found that a lax attitude is the norm. Common phrases are “What are the odds?”, “I’m not interesting enough to be targeted” or its immensely frustrating cousin “I’ve got nothing to hide”. How can someone know this if they don’t know what a hypothetical attacker is looking for? As we continue to embrace more and more technology into our daily lives and entwine it so tightly with social media then, as a whole, we really need to start thinking differently on these topics.

The odds really aren’t very good for us and it does sometimes seem to me that the reason many people think that they are is because their heads are stuck ten years in the past as far as their awareness of attack methods goes. Many a person has proudly announced to me that they don’t have any viruses because they have a firewall and they don’t click on suspicious emails and they don’t go on “dodgy” pornographic websites. This underlines a worrying lack of understanding when so many believe that their traffic management system is an infallible security measure. While the occasional and incredibly obvious scam email still does the rounds there are more advanced and complex phishing methods now, especially with the “rise of the app”. And the idea that only porn sites could be potential vectors for infection is very much an old-fashioned one. Just the other day Malwarebytes announced via blog post that the Mail Online site was hit by an exploit that could infect vulnerable systems with ransomware. This is a website that boasts 156 million visits per month. There are so many attacks happening, all the time, and if you never think about your tech’s security, then the chances are you’re going to get hit or that you already have been.

-JG


Filed under: ITSG,News,Phishing,Social Media

Twitter Two-Factor Authentication, and why you really should be using it…

For those of you reading this that have no idea what Two-Factor Authentication (2FA) is, let us try to explain. 2FA is an authentication mechanism that provides far greater security than passwords alone. Let’s face it people, passwords are no longer secure: they can be cracked (or worse yet, guessed!).

The strength of a password is based on a lot of different factors, such as the length of the password, whether special characters ($£@&*, etc.) were used, whether a mixture of UPPER and lowercase characters was used, whether the password is a mix of alphanumeric characters, and of course the encryption algorithm in use.

Unfortunately passwords aren’t going away anytime soon, so in the meantime we all need to use the most secure passwords we can. We would currently recommend using a password that is no shorter than 10 characters, contains a mix of alphanumeric and special characters, and contains both upper and lowercase characters.

Another problem with the use of passwords is that most people still use the same password for all their logins: Facebook, Twitter, Google, online banking, etc. You can probably see where all this is going. If you’re using the same password for all or most of your logins, then when one of those websites gets hacked, your password could be too. The hacker(s) would then have your most commonly used username and password to go and try on other popular websites.

There was a story in the news a little while ago about a tech reporter whose iCloud account was hacked. As if that in itself were not bad enough, the hacker then proceeded to wipe all of this user’s Apple devices: his iPhone, iPad and MacBook Pro were all remotely wiped by the hacker. The way that this reporter was hacked was more complicated than just cracking his password, but it is mentioned here to show the damage that could be done if you are using the same password on multiple websites.

2FA is made up of two separate pieces of information: something you know (a password, for example) and something you have (a text token (SMS), a smart card, etc.). To authenticate to a system that is using 2FA, you need to present both pieces of information before being allowed access. With 2FA, even if your password is compromised, an attacker would still not be able to gain access to your account without the second piece of information (something you have). Some banks have been giving out card readers that you put your bank card PIN into; they generate a code that allows you to sign in to your online banking account. This is a form of 2FA. Without this card reader, you cannot gain access to your account with only a password; you need both pieces of the puzzle.
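A minimal sketch of the server side of such a login, added here as an illustration; it is not code from this blog or from any real service. `LoginService`, its method names, the 5-minute code lifetime and the PBKDF2 iteration count are assumptions, and the code returned by `start_login` stands in for the text message sent to the phone.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300  # seconds a texted code stays valid (assumed value)

def hash_password(password, salt):
    # Salted, deliberately slow hash: a stolen database is costly to crack
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class LoginService:
    """Hypothetical server side of a password + texted-code login."""

    def __init__(self):
        self.users = {}    # username -> (salt, password_hash)
        self.pending = {}  # username -> (code, expiry_timestamp)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt))

    def start_login(self, user, password):
        """Factor 1 (something you know): check the password, then issue
        a one-time code. The return value stands in for the SMS."""
        record = self.users.get(user)
        if record is None:
            return None
        salt, stored = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # unpredictable 6 digits
        self.pending[user] = (code, time.time() + CODE_TTL)
        return code

    def finish_login(self, user, submitted, now=None):
        """Factor 2 (something you have): the code must match and be
        unexpired. It is discarded after one attempt, right or wrong,
        so it cannot be replayed or guessed repeatedly."""
        code, expiry = self.pending.pop(user, (None, 0))
        now = time.time() if now is None else now
        if code is None or now > expiry:
            return False
        return hmac.compare_digest(code.encode(), submitted.encode())
```

Someone who knows only the password can trigger `start_login`, but the code goes to the registered phone, so `finish_login` still fails for them.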

Twitter has upgraded their authentication mechanism to support 2FA, and based on the above you can probably see why it’s a good idea to enable it. Twitter has called its version of 2FA Login Verification, and what this means is that once you enable it, you will need to register a cell phone number. Once this number is registered to your account and verified, every time you sign in to Twitter.com a code will be sent to your phone that you will need to enter on Twitter.com. If you’re using a smartphone with the Twitter app, the notifications will come through the app. This authentication process also takes place when you try to sign in to Twitter using any of the numerous Twitter clients out there.

So, how do you go about enabling this added security to your Twitter account? Just follow the steps below and you’ll be good to go.

1. Log in to Twitter.
2. Visit your Account Settings page.
3. Select “Require a verification code when I sign in.”
4. Click on the link to “add a phone” and follow the prompts.
5. After you’ve enrolled in login verification, you’ll be asked to enter a code that is sent to your phone each time you sign in to Twitter.com.

That’s it, you should now be using 2FA for your Twitter account. Just remember that if you’re using your Twitter account for business, or if you have it linked to other sites (Facebook), then it’s even more important that you enable this.

Stay safe out there people.


Filed under: ITSG,News,Social Media