Well, if Microsoft, Facebook and Google have anything to say about it, yes. But recall that back in 2004, Mr. Bill Gates predicted the death of spam by 2006. Of course, by all accounts, the problem is worse than ever.
Enter the aforementioned titans who along with PayPal, LinkedIn, Bank Of America and others are getting lots of press about a proposed new internet standard called DMARC, or Domain-based Message Authentication, Reporting & Conformance. Some of the headlines noted by Sophos in a recent blog post:
Google, Microsoft Say DMARC Spec Stops Phishing (Information Week)
Google, Facebook, Microsoft in PHISH-FIGHTING smackdown (Channel Register)
[DMARC] could dramatically slash the amount of spam received by hundreds of millions of people (Financial Review)
If you’re responsible for the mail infrastructure in your organisation, you might be a little sceptical at this point. You’re probably asking yourself, “What happened to SPF and DKIM, which themselves were going to be the scourge of spammers?”
The answer to your sceptical [sic] question about DMARC is that it doesn’t replace SPF or DKIM, and it doesn’t replace your current email security and control solution. In fact, it is predicated upon them, to the point that DMARC’s official first step in its implementation guidelines is:
* Deploy DKIM & SPF. You have to cover the basics first.
So, will it work? We can only hope.
Well, in this case, it’s the BBC from an episode of “Spooks,” a TV drama which follows the complicated lives of MI5 agents. Seems the Russians are trying to launch a DDoS attack on Britain’s computers in order to collapse their economy. The Ruskies are using a submarine that can intercept transatlantic Internet cables. Interesting concept.
Anyway, MI5 has a “zero day virus” and 30 seconds in which to launch a counter-attack against the sub. Now, this is completely over the top, but it makes for a good story.
Most TV and movie depictions of hackers and malware are off the mark because they are trying to dramatize something that isn’t very dramatic in real life. Most malware is pretty humdrum when you get down to it and hackers are rarely spotted in real time. See what you think about this clip:
Video: http://www.youtube.com/v/0oTZFDrmE30
Chuck Norris dies at age 71! Not a Joke.
See the video to find out how he died. News today of Chuck Norris death at age 71 has been met with confusion and humour, but sadly it is true.
If you are gullible enough to click on the link, you will be presented with a survey scam like the one below.
And it’s probably a good idea to change your Facebook password while you have it on your mind.
Why do people do things like this? Simple, they do it for the money. Every survey someone fills out results in a payment to the scammer. It’s called “Cost Per Action” marketing and the scammers are just trying to run up their numbers. It’s illegal and they’ll get banned from the program if they get caught, but they can make a good haul before that happens.
Don’t help line their pockets.
As promised, I am posting the full audio file of my recent interview with Mary Coon of Motivational-radio.com. We talked about online security and there was some great music (chosen by me) during the breaks. Be sure to listen to the first part of the interview to find out what life was like online during the early days of the Internet. I guess I give my age away, but you’ll find it fascinating if you didn’t experience it for yourself.
Download Interview with Mary Coon. (Will either open an audio player or will play in a browser window depending on your settings.)
I recently did a 2-hour special interview with Mary Coon of Motivational-radio.com on the subject of online security. We focused on my “14 Golden Rules of Computer Security” (which is currently being revised and will help launch my new site). We had a very lively discussion. More interviews are planned for the future. I guess I’m now a radio “star,” at least online. Seriously, though, I think you should check out the site. I’ve been keeping it playing in the background. When there are no actual interviews or special programs running, they play some great inspirational and motivational music.
My show airs Wednesday, January 25, 2012 at 8 pm EST. Please make it a point to listen. I think you’ll like what you hear, as I certainly enjoyed doing it.
Who knows? There may be a podcast in my future…
After the show airs, I will post the audio file here for you to download and pass on to your clients and family.
This news is already getting old, having broken yesterday; however, there’s some good advice issued by Tony Hsieh, CEO of Zappos. I’ll get to that in a minute, but you might want to read his blog post.
So, Zappos got hacked. Customer account information on 24 million customers including names, e-mail addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers and/or the cryptographically scrambled passwords was obtained by the criminal(s). The actual passwords weren’t obtained, but we can assume the hackers will try to crack the crypto.
The email sent to the customers contained some great advice: “We also recommend that you change your password on any other web site where you use the same or a similar password.” Not that you should ever use the same password on multiple sites, but this is great advice. If you are an affected Zappos customer, be sure to take this advice and go change that password on the other sites. Just make sure that for each site you change it on, you use a different password, not the same one over and over.
To be honest with you, I do use a certain set of passwords that are the same on multiple sites. The sites I use these passwords on are not anything important and the passwords I repeat are never the same passwords I use on shopping sites and other critical financial sites; those are all different, very strong passwords.
With all the great password advice I’ve been giving you over the years, there is no reason for you to have any trouble coming up with good, easily remembered passwords.
As you know, I am a big fan of Steve Gibson’s Password Haystacks concept. The idea is very simple and makes it easy for anyone to create secure passwords that are also easy to remember. Last September, KABC in Los Angeles did a short news segment that fully explains the essence of the password haystack. I was impressed. See what you think.
Has your Gmail, Yahoo, Hotmail or Skype account ever been hacked? If so, you either have an extremely guessable password, or you gave hackers your login credentials by putting them into a password honeypot. What the heck is a password honeypot? Good question. Let me give you a bit of background.
The good guys who fight malware set up servers and computers that are directly connected to the Internet and which are deliberately left vulnerable to malware infection. They do this knowing that the bad guys will infect the machines as soon as they find them. The good guys then have an in-the-wild copy of the malware that they can reverse engineer to see how it works. This is the good version of a honeypot. All of the major anti-malware companies continually monitor their honeypots to discover new malware and variants of old malware.
The bad guys want to hack you and steal your credentials so they can gain access to your accounts for nefarious purposes, such as sending spam, stealing the money from your bank accounts, hijacking your credit card numbers, or even stealing your identity. Besides other, more conventional methods such as email links and poisoned search results, the bad guys set up websites that pretend to give you access to good stuff, often free software, games, etc, and force you to “create an account” to gain access. This is the bad version of the honeypot.
The bad guys know that most people always use the same login name for everything and often also use the same password for everything. Create an account on one of these password honeypots, and there’s a good chance the bad guys have what they need to make your life miserable. Once they have the credentials you used to create the honeypot account, the bad guys (or their hired cronies) will try those credentials on all of the major email, social networking, banking, and credit card sites.
This is one very good reason never to use the same password on more than one site, and certainly never to use the same credentials as your financial accounts. I have a very specific username for certain types of sites I don’t trust and I always use an unguessable, different password for each one.
Oh, I can already hear the groans and see the rotten tomatoes flying my way. But wait! There’s a way to recycle your favorite passwords without compromising security. It’s rather ingenious, if I do say so myself. All you have to do is set up a recurring, shifting pattern based on your password change cycle. This will work on your job as well as at home. Inspired by Steve Gibson’s Password Haystacks, and completely in line with my New Password Paradigm series of posts, this method of recycling passwords makes it easy for you to comply with your corporate password policy, without getting stumped about what password to use next.
The first thing you will want to do is take out a piece of paper; you are going to write down your password pads, i.e., the characters you are going to add to your “standard” password. (Don’t worry, you won’t be writing down the actual password, that’s going to be something you will easily remember.) I suggest you use two characters at the front and two characters at the end, but that’s entirely up to you. The key is to make a secure password that is not only easy to remember, but different every time you are required to change it.
For the sake of illustration, let’s say that you are required to change your password monthly and that you cannot use any of the last six passwords you previously used. That means you must have seven “pads” that you rotate. (DO NOT USE the pattern I propose here; change it to make it your own!) You could do it this way: on the left side of your paper, write down the numerals 0 through 6 placing each on a new line. Then pick seven different uppercase and lowercase letters and some symbols and write one next to each numeral. My example list looks like this:
Now, either choose your favorite, easy-to-remember word or phrase, or use the favorite password you use for everything (I KNOW you do that, so don’t worry about it). For this example, I’ll use password.
At the first password change, use 0!password, 0!Password, 0!password0!, or whatever variation you wish, provided that you will remember it easily. Remember, the longer, the better. Cross off the pad you just used and each time you have to change the password, just change the pad and cross it off. After you use the seventh one, you can start over at the top of the list and the server should allow it.
One caveat: some password policy engines require a certain number of characters in the new password to be different from the old password. That’s no problem, just use the pad more than once or twice and you’ll be good to go.
Simple. Secure. Easy to remember.
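As an added illustration that is not part of the post, the following script models the two policy rules mentioned above (no reuse of the last six passwords, and a minimum number of changed characters, assumed here to be three) and walks the pad rotation through them; the pad list and the base word are constructed for the example.

```python
# Added example (not from the post): a small model of the two policy rules the
# post mentions, "no reuse of the last six passwords" and "at least N characters
# must change", applied to the pad-rotation scheme. All values are constructed.

HISTORY_DEPTH = 6   # the post's example: cannot reuse any of the last six
MIN_CHANGED = 3     # hypothetical threshold for the "characters must differ" rule


def changed_positions(old, new):
    """Count character positions that differ; extra length counts as changed."""
    common = min(len(old), len(new))
    differing = sum(1 for a, b in zip(old[:common], new[:common]) if a != b)
    return differing + abs(len(old) - len(new))


def policy_accepts(new, history, min_changed=MIN_CHANGED):
    """Return (accepted, reason) for a candidate password against a history list."""
    if new in history[-HISTORY_DEPTH:]:
        return False, "reused one of the last %d passwords" % HISTORY_DEPTH
    if history and changed_positions(history[-1], new) < min_changed:
        return False, "fewer than %d characters changed" % min_changed
    return True, "ok"


def rotate(base, pads, cycles, repeat_pad=1):
    """Walk the rotation the post describes: pad + base, one pad per change cycle.

    repeat_pad > 1 applies the post's caveat of using the pad more than once so
    that enough characters differ from the previous password.
    """
    history = []
    decisions = []
    for i in range(cycles):
        candidate = pads[i % len(pads)] * repeat_pad + base
        accepted, reason = policy_accepts(candidate, history)
        decisions.append((candidate, accepted, reason))
        if accepted:
            history.append(candidate)   # only accepted passwords enter history
    return decisions


# Constructed seven-pad list in the shape the post describes (numeral + symbol).
PADS = ["0!", "1@", "2#", "3$", "4%", "5^", "6&"]

if __name__ == "__main__":
    for repeat in (1, 2):
        print("repeat_pad =", repeat)
        for candidate, accepted, reason in rotate("password", PADS, 8, repeat):
            print("  %-16s %s (%s)" % (candidate, "accepted" if accepted else "rejected", reason))
```

With a single pad the second change fails the three-character rule; doubling the pad passes it, and the eighth change (back to the first pad) clears the six-password history.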
Happy New Year!
I promised you a solution and here it is!
Video: http://www.youtube.com/v/K5pOWP0nGBE