With the ever-increasing amount of information we all store online, the stakes for securing our accounts are rising every day. Passwords alone are often failing to give us the protection we need, which leaves it up to us to make hackers’ work more difficult.

The story of Wired technology journalist, Mat Honan, and how his online life was devastated back in 2012 shows that even the most experienced Internet users can fall prey to hacker tactics.

“Previously, when I had the option for ease-of-use versus security, I always went the easy route,” wrote Mat. “[…] I never set up dedicated (and secret) email accounts for password management. I take those steps now.”

Creating these accounts is one of the simplest and most powerful tricks the average user can leverage to stay one step ahead of would-be attackers.

Read More

The security world has been rocked overnight by news of a database of hacked passwords of unprecedented size.

Over one billion password and username combinations, as well as upwards of 500 million email addresses are contained in the database, reportedly amassed by a young Russian crime ring, dubbed ‘CyberVor’ by Milwaukee-based firm, Hold Security.

At the time of writing, it is unknown which specific sites have been compromised, but the New York Times estimates that companies ranging from Fortune 500 giants to small businesses have been breached.

So, what can you do to minimise your risk in the face of this developing threat?

Read More

When we think of computer hackers, we often imagine a technical genius who’s turned to the dark side. However, hackers utilising a special type of attack will often employ tactics associated more with shady con artists than computer masterminds.

Dubbed “social engineering”, these attacks don’t require any particular computer savvy. Slick social skills and confidence in spades might be all that is required to get access to your account. Strong passwords are no match for this type of heist, with the weakest link in account security often being, well, humans.

In a social engineering attack, a hacker may pose as a banking official and call or send you an SMS advising you of suspicious activity; asking for verifying information such as the last four digits of your credit card number. You may be surprised by what this person already seems to know about you, knowledge which the hacker will use to gain your confidence and make any request seem perfectly legitimate.

Read More

A new, more secure way of logging in to your favourite sites involves more than just your password. Two-factor Authentication, Multi-factor Authentication or Two-step Verification is a simple idea that uses two different means of verifying your identity when you log in to your favourite sites. Matt Cutts of Google’s Webspam team told LifeHacker: “it requires both “something you know” (like a password) and “something you have” (like your phone).”

Many of us have already experienced the two-step authentication process when changing passwords on popular sites such as PayPal or eBay. These sites will often send you an SMS code before allowing you to change your password or other personal details. Now, you’re able to use this method to make your regular logins more secure, too.

Read More

Security researchers at ESET have launched one of the largest task-forces against a cyber-threat this year.

Aided by law enforcement personnel and scientists from around the globe, the investigation has showcased the dangerous and growing “Operation Windigo” malware threat, which targets the highly popular UNIX/Linux server platform used by the ‘Big Three’ server hardware manufacturers: IBM, HP and Dell.

By stealing server credentials, criminals have taken control of thousands of servers and websites world-wide, using the infected servers to send masses of spam, redirect traffic to suspicious content and widen the exploit by stealing more server login details.

Read More