Wednesday 23 July 2014

Are you being hacked?


The word 'hack', and derivatives thereof, get thrown around a lot these days.

It's a popular word that is becoming increasingly meaningless.

People use it to cover a lot of different behaviors and activities. It seems to be most commonly used these days to refer to finding an account open. It's kind of like claiming that someone broke into your house when you left the front door open.

People also use it to describe scam accounts, 'parody' accounts, and other doppelgänger (I love that word) accounts on social media sites. This isn't really hacking either. It's more of an old school con with new toys, and is pretty easy to do even if you turn your security settings up. If this does happen to you, I recommend following this link. More often than not they're used for marketing scams, but are occasionally used for more malicious activities.

As a result of all of this, the term 'hacking' is wearing a little thin. I'm all for the evolution of language (and 'hack' has done its fair share), but at some point we should restrict the number of definitions we offer up for a single word within a single arena.

I'm more on board with the 'life hack' use of the word, as it is more in line with the usage that led to the definition that I'm complaining is currently in the process of being bastardised.

There is a great history of the term in one of the books I have floating around. I did spend some time looking for it before I started writing this, but I was unfortunately unable to find it. If I find it, I will share the title of the book with you.

Hacking Facebook is very difficult, and something that Mark Zuckerberg has been known to take very seriously, but 'hacking' Facebook is very easy, and is something that is more often than not wholly reliant on somebody leaving their account open.

Look, those are the two far extreme ends of the 'unwanted access' spectrum, and there are a variety of 'hackings' that can go on in between the two. Some of these aren't really hacking, and some kind of are. For the most part we, as individual users, are only really capable of protecting ourselves from the one end of the 'hacking' spectrum, and the rest is up to the people that provide the service.

In the Facebook case, their end of the spectrum is relatively tight. They appear to be pretty good at it. I'm not privy to what's actually going on over there, which is fair, but they look like they know what they're doing.

Your end is probably another scene entirely. Maybe not yours specifically, but yours generally.

There are a few things that you should be doing, and this is by no means an exhaustive list. This is just a good place to start.


Always log out properly
Whenever you use a computer that other people might be able to access, log out of Facebook (or other service) properly. Once you have logged out, delete the history, and close the browser. Then reopen the browser, and go back to Facebook (or the other service) to make sure the password hasn't been 'remembered'.

This isn't foolproof. Actually, far from it. It is better than not doing it though.


Don't use public computers
Don't log in to anything on a public computer. Don't check your e-mail. Don't check your Facebook. Don't check on your World of Warcraft anything. Absolutely never do online banking on a public computer. Even if you are in the habit of logging out properly, there isn't much of a guarantee that there aren't keyloggers on the machine, or something else with a similar purpose.

If it is an absolute emergency, and you really need to check one of these things (not your bank account) you should change your password on a trusted computer as soon as possible afterwards.

You shouldn't be doing it in the first place though.


Don't reuse passwords across services
This is a really big problem. I'm not going to explain it. I'm going to let xkcd explain it for you.

http://xkcd.com/792/

Funny comic. Serious problem.

Even if a site isn't out to get you, you have no idea how good/bad their security is. It's that weak link in a chain metaphor that people are prone to harp on about. This same metaphor is good for talking about the one person on your network/system who has atrocious password practices. 


Don't write down your password
I wouldn't have even mentioned this one, except that it came up recently when I found out that it is being taught at my brother's expensive high school as a way of remembering passwords. No!! Bad expensive high school. Very bad! 

This is ridiculous. Don't ever do this.

This is an absurd habit to get into, and is an incredibly irresponsible thing to encourage others to do.

I could tell you stories. Crazy stories. Instead, I am going to tell you about a very dumb thing that I did.

Some years ago when I started a new job, and I was inundated with nine logins with random string passwords in two days, I wrote down three that were behind other logins. That is just an excuse, and it was still a super stupid thing to do.

Well before the end of that week I had changed the passwords to something else, and left the note in my top drawer as a reminder that I am very often prone to doing incredibly stupid things, where it was found at a later date by the data manager in our office. How embarrassment!

Remembering a multitude of passwords is a good skill to cultivate, and is something that will become even more relevant in the future.

It is better to be inconvenienced by forgetting a password than to make it accessible to others. Especially in a professional scenario where there is an IT department who can reset it for you. They do have better things to do than reset your password, but I promise you that they'll be far more annoyed if they ever have a serious breach.

There is a whole problem with this too, in that I would frequently argue that the security checks used to reset a password are far too often incredibly insecure. That is a story for another time though.

There is this whole misconception about password strength anyway, which is covered pretty clearly by this xkcd comic on password strength.

http://xkcd.com/936/

I guess the real takeaway from all of this is that you should be reading xkcd. It/he is the business. You will be totally emsmartulised. Also, it is funny.

Cleverness is the wombat's cummerbund. It increases one's nattiness.

1 comment :

anita said...

More stuff like this!