Over the years I’ve talked to a lot of people, most of which are seeking advice or guidance on some kind of computing related subject, which is fine, I’m happy to help anyone looking to improve their ability. However, usually when sitting in a general chat room and people are aware of my computing ability I’ll often get a question along the lines of “Can you hack web based email accounts?”, the request usually comes from a 12-15 year old teenage boys. My usual response is to direct them to google. Now in reality, hacking someones webmail account isn’t really that hard if you know enough about the person.

For example, if you wanted to gain access to an account owned by a close family member you would probably already know enough information about them to answer the security questions that allow you to reset their password, hell you may even be able to guess their existing password.
Read the rest of this entry »

Some users, especially those who aren’t running Windows XP Service Pack 2 occasionally receive messages to their computers with the title “Messenger Service”. This is not to be confused with “MSN Messenger”. These messages commonly say you have viruses, adware, Spyware or other nasties on your system and you can fix them by going to their site and buying their software.
Read the rest of this entry »

According to the FBI, laptop theft is the second most common computer crime and less than 2 percent of those stolen laptops are ever recovered. Four in five (81%) of US firms have had at least one laptop stolen containing sensitive information according to a recent study.
Read the rest of this entry »

Earlier this week, a friend inconvenienced by a response to an security incident. The IT Services department (of his University) noticed an attack over the weekend, and as a result several user accounts were compromised. Their response? To give everyone two grace logins before their password expired and their account locked. A message was to be displayed on login, to this effect, asking users to change their passwords before they log in again.
Read the rest of this entry »

Several people I know have expressed concerns recently over Internet banking. The news and other media are always running stories on how insecure the Internet is, but lets not forget that it beats the other methods of remote banking by a long shot.
Read the rest of this entry »

Do you have one of those USB pendrives? Maybe an MP3 player? How about a USB watch? Or a mobile phone with a USB port? And how many work on a computer with USB ports? Now, of those with your hands raised, how many work with data which could be considered confidential? Now, consider you’re an employer, you run a business working with various forms of sensitive, confidential, perhaps even classified information. Trade secrets, financial reports, medical records, personnel records… Take a look at the sea of people with their hands still raised. These are yet another security threat facing your business.
Read the rest of this entry »

Most people, these days, seem to have antivirus software on their computers. Partly, I suspect this is due to it being preinstalled by the shop they bought the computer from, but also, it is due in part to better education of users on how to prevent viruses. Of course, simply having antivirus software isn’t enough; user education now needs to focus on how to use it.
Read the rest of this entry »

In a state of complete exhaustion from having to clean friends’ computers repeatedly of viruses and other malware, I’m going to babble on a bit about patching and updating your software.
Read the rest of this entry »

As my recent experiences with a bank (which shall remain nameless) confirm, some people take security too far. There is a point at which more security measures actually reduce security, rather than increase it.
Read the rest of this entry »

As the number of wireless routers and access points in homes and small offices rises, seemingly exponentially, wireless crackers and wardrivers are exploiting the endless supply of unsecured wireless access to obtain free internet access, and gain anonymity in their exploits. In most cases, users don’t even bother changing the default access username and password, allowing any attacker to connect to their network and change the wireless settings. Even less common is the use of encryption. Encrypted wireless access would prevent users who do not know the encryption key connecting and making use of the wireless access.
Read the rest of this entry »