
How fast can your password be cracked?

The question is not if your password can be cracked, it is how fast. Black Hat hackers (determined outlaws looking to steal on the internet) are using sophisticated yet affordable hardware to crack passwords.

PC processors constantly increase in computing power, whether through higher speed, better efficiency and/or a larger number of processors (cores), but hackers are now installing multiple graphics cards, which have incredible computing power, to build mini supercomputers just to crack passwords. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average a mind-boggling 8,200,000,000 password combinations each second; hackers have set up systems with 8 graphics cards, which gives them more than 16,000 cores cracking passwords at neck-breaking speeds.

Most internet users have 25 accounts but use only 7 passwords among them, and each is composed of 8 characters or less.

Leaks of password files have terrible consequences, because hackers get a picture of the passwords people are actually using instead of having to try completely random collections of letters, numbers and symbols, which makes things a lot easier for them. They use this knowledge to build dictionaries that they try against any system, forcing their way in EVEN FASTER.

Recently a client gave me his credentials for uploading a video, and the combination was equivalent to User: ‘smith’, Password: ‘smith123’.

That is quite an obvious and weak combination, and the website http://www.grc.com/haystack.htm tells us that the password will be cracked in 0.029 seconds in a massive attack. Let’s strengthen it:

Changing it a little with some substitutions to:

Sm1t4!@3

(using a capital S, 1 instead of i, 4 instead of h, and the symbols on top of the 1 and 2 keys). Although it is still similar to ‘smith123’, this is a great improvement, since it will now take 1.12 minutes to crack. But if we pad it with symbols:

{}{}{}{}Sm1t4!@3{}{}{}

it will take a whopping 1.04 hundred million trillion centuries. There are determined hackers out there, but I can assure you they are not THAT determined. I can also bet you that your bank won’t be around by the time they crack the password. Once you have typed it a few times this becomes an outrageously strong yet easily remembered password.
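As an added illustration (this is not code from the original post), the Python snippet below reproduces the haystack search-space model behind the three figures above: the alphabet is the union of the character classes that appear in the password, every length up to the password’s own is counted, and the time is the search space divided by the guess rate. The “massive attack” rate of 100 trillion guesses per second is an assumption (it is the rate that yields the quoted 0.029 seconds); the single-GPU rate is the 8.2 billion per second quoted above.

```python
import string

# Character classes of the haystack model (assumed; they reproduce the page's figures).
CLASSES = (
    string.ascii_lowercase,      # 26 letters
    string.ascii_uppercase,      # 26 letters
    string.digits,               # 10 digits
    string.punctuation + " ",    # 33 symbols, space included
)

SINGLE_GPU_RATE = 8.2e9        # guesses/s, the Radeon HD7970 figure quoted above
MASSIVE_ATTACK_RATE = 1e14     # guesses/s, assumed for the "massive attack" scenario
SECONDS_PER_CENTURY = 100 * 365.25 * 86400


def alphabet_size(password: str) -> int:
    """An attacker must assume every character class that appears in the password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(password: str) -> int:
    """Candidates an exhaustive search covers: all strings of length 1..len(password)."""
    n, length = alphabet_size(password), len(password)
    return sum(n ** i for i in range(1, length + 1))


def seconds_to_crack(password: str, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the whole search space at a given guess rate."""
    return search_space(password) / guesses_per_second


def crack_report(password: str) -> dict:
    """Search space and worst-case times for the two guess rates discussed on the page."""
    massive = seconds_to_crack(password, MASSIVE_ATTACK_RATE)
    return {
        "alphabet": alphabet_size(password),
        "length": len(password),
        "single_gpu_seconds": seconds_to_crack(password, SINGLE_GPU_RATE),
        "massive_seconds": massive,
        "massive_centuries": massive / SECONDS_PER_CENTURY,
    }


if __name__ == "__main__":
    for pw in ("smith123", "Sm1t4!@3", "{}{}{}{}Sm1t4!@3{}{}{}"):
        r = crack_report(pw)
        print(f"{pw!r}: alphabet {r['alphabet']}, length {r['length']}, "
              f"massive attack {r['massive_seconds']:.3g} s "
              f"({r['massive_centuries']:.3g} centuries)")
```

These are exhaustive-search worst cases; a dictionary built from a leak, as described above, would find ‘smith123’ far sooner, which is why the length added by padding matters more than the character substitutions.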

Here are recommendations on how to cover all your bases:

  • Generate looooong passwords like the one described above and store them in secure websites like http://lastpass.com or http://passwordsafe.com protected by an equally strong but memorable master password.
  • Generate a unique password for every account you use on the internet.
  • Change your passwords at least every 6 months. Change it immediately if you have the suspicion that security has been breached.
  • When signing in to websites, make sure the address of the log-in page starts with https:// and not http://. This means that what you type is encrypted, so attempts by others to eavesdrop on your connection to the server you are accessing are futile.


Do you want to know who is your neighbor?

Do you know what other websites are on the same server as yours?

Today I received a request from a customer to make a change to their email. They moved their main website to another provider and are hosting with one of our HUGE competitors, where your website sits on a cluster server with maybe 10,000 others. I researched what company they were using so they could contact them directly and, just out of curiosity, took a look at what other websites are being hosted on the same IP address (analogous to a physical street address on the Internet). At the very top was www.racial-humiliation.com. The site is plagued with anti-semitic, anti-islamic and aryan racist verbiage that turned my stomach. It claimed to be “entertainment”, but it exposed a big chunk of what I consider wrong with our society. By far their favorite is the “n” word.

In all fairness, the nature of your server neighbors may not affect you greatly. Google used to penalize websites that shared the same IP address in its searches, but it changed its formula years ago. The most relevant implication of sharing that IP address (or block) has to do with email. If one of your neighbors is actively spamming, or has been hacked, on the same server where your website resides, the whole server will quickly get blacklisted, and suddenly you may stop receiving email inquiries from your contact form, your clients will not get their confirmation email when they place an order on your eCommerce store, and your newsletter will bounce back from major email providers like Comcast, Hotmail, Gmail etc.

That is the big advantage that we, “Boutique Web Hosters”, have over the hosting farms. Not only do we take pride in our technical support and in getting things solved fast, but some of us are very picky about whom we accept as clients. In our case we have 3 redundant monitoring solutions to discover hacking, spamming and other breaches of our terms and conditions, plus a very aggressive set of tools installed on our servers to prevent them in the first place.

In the end it is a matter of choice as a client: do you want to have your office or store in a building with guards, CCTV, intrusion prevention and security doors, or do you want to have it in a building where the KKK meets, a fly-by-night scammer lures people in and drug dealing is done in plain sight? Do you think the difference in rent of 4 cappuccinos versus 1 cappuccino per month is worth it?
I’m very eager to hear your opinion, please share.

AMPHION communications develops solutions for small and medium sized businesses. We are experts at implementing Google Apps for Business. AMPHION has been in the Web and Email hosting business since 1996, and our goal is to develop solutions that allow us to render better service and have happier clients.

Give us a call at 888-AMPHION (888-267-4466) for a free 10 minute consultation and see if what we are doing for our clients can help you.

Is your email address hurting your Business?

As new media professionals we deal every day with requests from prospects, clients, providers and other parties, and just by looking at their email address we can tell a lot. A prospect who is looking for website development or hosting with an aol.com address, in our experience, spells trouble. Being still attached to AOL as a business resource tells us that you are likely very reluctant to change or that you are technologically averse. Not very different from telling us “I want a website but I don’t do email”. (insert sound of alarm going off)

NOTE: I have nothing against AOL; I was their customer from 1996 to 1998, and it once was the dominant online provider, but it is a company that got complacent in its business model, trying to make things easy for the customer but refusing to adapt to an ever changing environment. Their services fulfill a role in personal communications, but we deem them very lacking in the business ecology.

Let’s revise our recommendations for business email:

  • Use your own domain: Instead of using ForImage@hotmail.com, set yourself up with info@ForImage.com (obviously an example only). Here is why:
  • Your domain is yours: As long as you pay the domain registration (ForImage.com in this example), only you own the use of it. That works towards building your brand; it tells everybody you are serious and accountable about your business.
  • Your domain is portable: You are not tied to a provider; you have the capability of moving your operation to another provider if you want or need to. If your email address is ForImage@yahoo.com and you change providers, you have to notify every party you do business with of the change, and you will most probably lose business.
  • You can increase your productivity: By embracing new technology your email can become way more than your email. It can become your instant messaging platform, your scheduling system, your document collaboration platform and a lot more.
  • You have control over mail flow: You can set up info@ForImage.com to send copies of every email to Joe@ForImage.com and Kate@ForImage.com, set rules for which emails to forward, or delegate someone in your organization to screen your email.
  • You can have your email everywhere: Modern email implementations (notably those using IMAP) keep the email on the server, so you can access it from your office PC, check, search and reply from your tablet at the coffee shop, and check it again on your home PC, seeing the same messages on all your devices all the time.
  • You can expand the use of your domain: Your domain of course allows you to have a website set up at ForImage.com and/or www.ForImage.com, but you can also set up fb.ForImage.com to redirect to your Facebook page and tw.ForImage.com to your Twitter feed.

I’d love to hear your opinion

AMPHION communications concentrates on Google Apps for Business. We have been doing Web and Email hosting since 1996 and have discovered that relying on Google for email and online collaboration means better service and happier clients.
