Security

Tips for making your presence on the internet less vulnerable to attacks

Easy encrypted email

In my daily communications with clients and providers I’ve noticed that sometimes they will send confidential information over email. I have received credit card information, social security numbers and other data that in the wrong hands can wreak havoc. I appreciate very much the trust these people put in me, but the fact is that email in transit is in OPEN TEXT form, and EVERY computer between the sender and the receiver can read it. There are typically one or two dozen computers in any internet communication, and trusting everyone in that chain is extremely naive at best.

I just discovered a service called Encipher.it that will solve this problem. You just need to visit https://encipher.it/ and write your message in the box. When you click on “Encipher It”, it will ask for a password (called an encryption key in spy parlance) and it will convert your message into gibberish.

For example, I used it to convert:

The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog. The quick brown fox jumps over the lazy dog

to

EnCt28070c2f6ffc645fabbd087024256938eb2ba3c038070c2f
6ffc645fabbd08702K4MihJ/DkQM
YtPvd0VA4AMsZdSIbul5ai/
of3Gp9qYQrFD3yJBQQHtzgZrJFciYmkxkonSTuDM7g7D7ow2
aENwokAhV
0v12tQfKiLj5h5HmZ5hA4NdXoVQKWJ2DZYCVO
kCJoD5r4yMxUWwNUrvh7y0Qy5ModBzGPjjqdF4ytDlG
qiuPQ
M8JqRqGSreaIiPUspLcHIwEmS

I used ‘password123’ as the encryption key (a TERRIBLE password, by the way; please read my article about password strength HERE http://goo.gl/36yti).

You can copy and paste this encrypted message into your email (it has a feature to insert it directly into Gmail or Google Mail for Business), and you can even ask to convert it into a short URL. You send the encrypted version, and then you can contact the person receiving the message via phone, fax or a SEPARATE email message to give them the password. This last option diminishes the risk because each email is likely to take a different route, but it is much less secure.

To watch a video on how it works please click HERE https://encipher.it/help#video

You can set up a bookmarklet in your browser if you want to, but it is not required. I tested with my iPhone and it worked as expected, and they even have a mobile website that works great.

PC World published a review HERE http://goo.gl/FCiYT

Hope this little tip can make your communications more secure.

 

 

 

How fast can your password be cracked?

The question is not if your password can be cracked, it is how fast. Black Hat hackers (determined outlaws looking to steal on the internet) are using sophisticated yet affordable hardware to crack passwords.

PC processors constantly increase in computing power, whether through higher speed, better efficiency and/or a larger number of processors (or cores), but hackers are now installing multiple graphics cards, which have incredible computing power, to build mini supercomputers just to crack passwords. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average a mind-boggling 8,200,000,000 password combinations each second. Hackers have set up systems with 8 graphics cards that put more than 16,000 cores to work cracking passwords at breakneck speeds.

Most internet users have 25 accounts for which only 7 passwords are used and each is composed of 8 characters or less.

Leaks of password files have terrible consequences, because hackers get a picture of the passwords people actually use instead of having to try completely random collections of letters, numbers and symbols, which makes things a lot easier for them. They use this knowledge to build dictionaries to try against any system, forcing their way in EVEN FASTER.

Recently a client gave me his credentials for uploading a video and the combination was equivalent to User: ‘smith’ Password: ‘smith123’.

That is quite an obvious and weak combination, and the website http://www.grc.com/haystack.htm tells us that the password will be cracked in 0.029 seconds in a massive attack. Let’s strengthen it:

Changing it a little with some substitutions to:

Sm1t4!@3

(using a capital S, 1 instead of i, 4 instead of h, and the symbols on top of the 1 and 2 keys) keeps it similar to ‘smith123’ but is a great improvement, since it will take 1.12 minutes to crack. But if we pad it with symbols:

{}{}{}{}Sm1t4!@3{}{}{}

it will take a whopping 1.04 hundred million trillion centuries. There are determined hackers out there, but I can assure you they are not THAT determined. I can also bet you that your bank won’t be around by the time they crack the password. Once you type it a few times this becomes an outrageously strong yet easily remembered password.
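The arithmetic behind those three figures, as an added example (not code from grc.com or from this article): it counts every candidate string up to the password's length and divides by an assumed rate of 10^14 guesses per second, which reproduces the times quoted above. The function names, the substitution table and the `derived_from_username` check are assumptions added here; the check shows that all three passwords still contain the username once common substitutions are undone, which is the kind of pattern the leak-built dictionaries described earlier are made to try first.

```python
import string

# Assumption: 1e14 guesses/second, the rate that reproduces the article's figures.
GUESSES_PER_SECOND = 1e14
# Assumed table of common look-alike substitutions (includes the article's 1->i, 4->h).
DELEET = str.maketrans({"1": "i", "4": "h", "0": "o", "3": "e",
                        "5": "s", "@": "a", "$": "s"})


def alphabet_size(password: str) -> int:
    """Size of the character pool a brute-force search has to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 ASCII punctuation marks plus the space
    return size


def search_space(password: str) -> int:
    """Number of candidate strings of length 1 up to len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def seconds_to_exhaust(password: str) -> float:
    """Worst-case time to try the whole search space at the assumed rate."""
    return search_space(password) / GUESSES_PER_SECOND


def derived_from_username(password: str, username: str) -> bool:
    """True if the username is still inside the password after de-substitution."""
    normalized = password.lower().translate(DELEET)
    return username.lower() in normalized


if __name__ == "__main__":
    # The three passwords from the article, checked against the user name 'smith'.
    for pw in ("smith123", "Sm1t4!@3", "{}{}{}{}Sm1t4!@3{}{}{}"):
        print(f"{pw!r}: {seconds_to_exhaust(pw):.3g} s to exhaust, "
              f"derived from username: {derived_from_username(pw, 'smith')}")
```

The search-space time only bounds blind guessing; a password flagged by `derived_from_username` can fall to a targeted dictionary long before that bound is reached.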

Here are recommendations on how to cover all your bases:

  • Generate looooong passwords like the one described above and store them in secure websites like http://lastpass.com or http://passwordsafe.com, protected by an equally strong but memorable master password.
  • Generate a unique password for every account you use on the internet.
  • Change your passwords at least every 6 months. Change them immediately if you suspect that security has been breached.
  • When signing in to websites, make sure the address of the log-in page starts with https:// and not http://. It means that what you type is encrypted and attempts by others to eavesdrop on your connection to the server you are accessing are futile.