Cyber Security Today – Password protection, charge your smartphone and updates to watch for

Password protection, charge your smartphone and updates to watch for.

Welcome to Cyber Security Today. It’s Monday October 14th, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com. Today is Canadian Thanksgiving. Thanks for listening.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

How long can it take for a hacker to break a list of stolen passwords? It depends on how well the list encrypted. I learned that at a security conference last week in Toronto, where British expert Will Hunt said it took him less than two days to crack 90 per cent of a list of 380,000 passwords. This with a special-built computer that costs $5,000. There were several lessons from this presentation. For all you security experts at companies, this dataset was hashed but not salted. In simple terms, that means it was only protected once rather than twice. So the lesson for professionals is salt as well as hash lists of user credentials. And make sure the hash, or algorithm, you use is modern and safe.

For consumers, Hunt has advice on how to create safer passwords. First, longer is better. Second, think of passphrases of random words — like “SillyOrphanNancyGolfs”. If that sounds odd, is spells S-O-N-G. That shortcut should be easy to remember. And by the way, you can insert a space in between a word or words. That makes the password more complex, as well as using capitals. Third, use a password manager. And if you have a sensitive job and may be a target — an executive, a reporter, an accountant — let the password manager select a random jumble you can’t remember that will be really tough to crack. Now, that means you’re relying on one password for protection — the password to the password manager. But Hunt says that’s still good protection. Finally, where you can sign up for two-factor authentication in addition to a user name and password to protect logins.

The future, we’re told, is paying for everything with your smartphone. That’s because to get a phone you have to prove your identity, including providing a credit card. So in some countries you can buy things in stores by waving your phone at a sensor. But some transactions aren’t so simple. Recently a reporter in Britain was convicted of not providing proof of payment on a bus after using her iPhone and Apple Pay to pay for a ride. In England it’s common for transit riders to have to get a ticket stub to prove they’ve paid. But just as the reporter produced her phone to show the evidence of payment, the battery died. The bus company wouldn’t accept her bank statement as proof she paid. Then she missed a court date and was convicted and fined about $500. And with a conviction she couldn’t get a visa to travel to the U.S. I’m making a long story short, and the conviction was reversed. But companies who believe the world will be their oyster because people can pay for things with a smart phone need to think of everything that can go wrong. And consumers should remember not to leave the house unless their phones are fully charged.

Police in the U.S., Mexico and Italy have arrested 18 people and charged them with stealing money from American bank machines. They had allegedly installed skimmers on a bunch of ATMs, stealing data and making counterfeit credit and debit cards. Then they’d make fraudulent purchases or withdraw money from bank machines.

Do you have iTunes or iCloud for Windows on your PC? Make sure it’s updated to the latest version, which closes a major security bug. If you had and then deleted iTunes or iCloud for Windows, you also need to delete the source of this bug, a piece of those apps called Bonjour. Check the list of installed applications in the Control Panel and then say goodbye to Bonjour.

Finally, if you use the Chrome browser, make sure it’s updated. Google has released fixes for eight vulnerabilities.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now