Cyber Security Today: Nov. 9, 2018 — No free digital coin, drone site vulnerability and make passwords longer

Beware of Twitter messages promising free cryptocurrency, a drone manufacturers’ website patched and how to make passwords safer.

Welcome to Cyber Security Today. It’s Friday November 9th. To hear the podcast click on the arrow below:

 

Cyber Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

Everyone loves the idea of getting Bitcoin or some cryptocurrency for free. Listen – when someone on the Internet says they’re giving away digital coin for free, it’s a scam. Someone has been hijacking accounts purporting to be billionaire entrepreneur Elon Musk and giving away Bitcoin. The latest attempt used the Twitter account of British film distributor Pathe UK. Security reporter Graham Cluley said another hijacked Twitter account belonging to a British retailer is doing the same thing. First, to make sure you’re not a victim turn on two-step verification of all your accounts – mail accounts, social media accounts, bank accounts. Second, please remember no one gives money away.

Updating the common software you use – Windows, Android, iOS, Microsoft Office – should be second nature by now. But you have to update everything else you have. This came to mind this week with news that Check Point Software found a vulnerability in the user identification system of a website run by a company that makes drones called DJI. Their personal data could have been hacked. So could the data of corporate users of the DJI FlightHub software. That hole has now been plugged in an update. So check the websites regularly of all the apps you use for updates.

By the way, that includes devices, too. A report this week says a new botnet has been discovered that uses a vulnerability in Internet routers. The botnet is believed to have infected around 400,000 devices around the world, including in India, the United States, Canada and China. Regularly check your modem and WiFi router manufacturers’ websites for updates.

Finally, last week while editor Brian Jackson filled in I was at the annual security conference of the Municipal Information Systems Association of Ontario. This is for people who protect the IT systems of towns and cities. One sessions I sat in on was a demonstration by Adam Abernethy, the network security manager for the city of Oshawa, Ont., on hacker tools used to crack hashed passwords. Now, a password that has been hashed is not like one that has been encrypted. An encrypted piece of text is meant to be unencrypted (with approval). A hashed text isn’t supposed to be unscrambled. Nevertheless. Abernethy showed that if a hacker can get hold of a database of hashed passwords they can be quickly cracked if they are too short. The lesson here is all your important passwords should be longer than eight characters. Forget about mixing up letters and numbers. Chose three words to create a phrase whose initials mean something to you so they’re easy to remember. For example chose three unrelated words starting with C, A and T. CAT will trigger your memory for that particular site. Separate each word by a space. Want to be really safe? Google that phrase. If no match is found, that passphrase is good.

That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Podcasts or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now