Site icon IT World Canada

Cyber Security Today: Another cryptocurrency wallet theft, more on password security

Cyber Security Today - podcast feature

Another cryptocurrency wallet theft reported, more on password security and why you shouldn’t contribute to a privacy breach.

Welcome to Cyber Security Today. It’s Wednesday July 11th. I’m Howard Solomon. To hear the podcast, click on the arrow below:

 

Another day another cryptocurrency wallet theft. The victim this time is the Israeli-based Bancor Network exchange, which said this week someone made off with $12.5 million in Ether, $1 million in Pundi X’s NPXS token and $10 million in Bancor’s own BNT digital currency. That’s a total of $23 million dollars worth. The BNT currency was frozen, but whoever had the other stolen currency may be out of luck. Bancor said the theft was caused when a digital wallet that held some smart contracts used for a digital transaction was compromised in an upgrade. Also this week the popular online digital currency wallet service MyEtherWallet warned people who use the Hola virtual private network extension in their Chrome browser to quickly transfer their money to a new wallet. A virtual private network, or VPN, is only good for masking where a user comes from. The data isn’t encrypted all the way. It appears someone may have been able to read a Hola user’s digital wallet login.

Some people like digital currencies. Maybe in the future we’ll all use them. But right now the security of digital wallets hasn’t been nailed down.

Wondering how criminals can get into your computer easily? They compile, share or sell lists of stolen passwords and user names, then automate attempts to login in. This has been going on for some time. The latest news from Australian security researcher Troy Hunt is the discovery of a new list on a web server in France with 111 million email addresses. That site has now been taken down, but criminals might have copied it and are still using it. What makes lists like this useful is that people do two unsafe things: Use passwords that are easy to crack – like 12345, or the word “password” – and re-use their passwords on several web sites. Even passwords with adjoining letters are easy to guess. Not only can “asdfg” be broken, so can combinations like “qazwsx.” If you don’t get that one, look at a keyboard. Sure it’s hard to remember lots of passwords, but experts say you should do three things: Get a password manager, use passphrases of unrelated words rather than try to jumble letters and numbers and make sure you don’t use the same passphrase twice.

If you find my podcast on ITWorldCanada.com there’s a link to Troy’s blog with more information.

Finally, there are those who are victims of privacy attacks, and those who willingly contribute to them. I’m thinking of a woman and her boyfriend on a U.S. flight that were so interested in two strangers in the adjoining row talking and getting acquainted with each other that they started tweeting and photographing about what they figured was a fledgling romance. Listeners, a smart phone doesn’t give you the right to photograph and comment on everyone you see. Please use some common sense – before you get sued for invasion of privacy.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.

Exit mobile version