Saturday, July 27, 2013

Hacker Awareness is Everyone's Responsibility

I've been seeing a lot of news lately about identity theft, which continues to increase on a global scale, and protection of private information, increasingly from the federal government.  The feds are now demanding user passwords from web firms.  If they can't get them the legal way, and want them badly enough, they will simply hack them.  The NSA, FBI and CIA all utilize hackers.  The government has the resources to do whatever it wants, but there are hackers everywhere that do the very same thing.  Hacking passwords is a major security concern that many people do not fully respect.  And they should, because that's how your identity is often stolen.  So I thought I'd pass on a few tips that people can utilize very easily.  The first tip involves protecting yourself against keyloggers, which record every single keystroke you make.  No matter if they are hardware devices or software programs, here's a great tip:

Use ASCII codes
Most people don't know this, but everything in computers is binary - 1s and 0s.  Each character is a byte, each byte is 8 bits, each bit is a 1 or 0 (1 = "ON" and 0 = "OFF").  For example, each byte is between 00000000 and 11111111.  Each bit (right to left) from the first bit to the eighth has a value (128 64 32 16 8 4 2 1).  Notice the value doubles itself with each bit.  For every "1" in the byte, you take the corresponding place value and add it together - "0" means that particular bit has no value and is left alone.  The sum is the ASCII code for a corresponding character.  Every character a computer uses is calculated this way - it is the core principle of binary coding.  For example, my name begins with the letter "E."  In binary, "E" looks like this:  01000101. 

    (128  64  32  16   8   4   2   1)
       0   1   0   0   0   1   0   1

The corresponding values for the 1s are 64, 4, 1.  Add them and you get 69.  So the ASCII code for the letter "E" is 69.  You access the ASCII codes using the ALT key.  Try it.  Press ALT-69, and you get "E."  (By the way, you can do a search for "ASCII tables," or "ALT codes" to find web pages that have the chart for all the characters.)  But "E" is on the keyboard, and that's too easy.  So if I wanted to make it tougher to crack, I could use the ASCII code for "É."  In binary, "É" looks like this:  10010000.

    (128  64  32  16   8   4   2   1)
       1   0   0   1   0   0   0   0

The corresponding values for the 1s are 128, 16.  Add them and you get 144.  So the ASCII code for the character "É" is 144.  So to protect myself better, I wouldn't type Eric - I would instead type Éric, using (ALT-144)ric.

Your keyboard is simply a set of keys that are shortcuts to the sum-values that correspond to the ASCII codes for the characters printed on the keys (to save you from having to type in binary).  Keyloggers are great for the keyboard characters.  But if, for example, I type my name this way: (ALT-69)RIC, instead of (E)RIC, the keylogger will see that I pressed the ALT, the 6, and the 9, but it doesn't know if I pressed them together or separately, and some loggers (typically the software kind) will only record the ALT key and miss the 6 and 9 because they were pressed during the main keystroke, the ALT key.  So using ASCII command characters - even just one - makes hacking your passwords exponentially harder, because hackers typically use the main set of keyboard characters, under the (correct) assumption that most people don't know how to input ALT codes.  Your password can still be hacked, but it will take much longer - and hackers are like burglars, in the sense that speed is everything.  The longer it takes, the more likely they'll give up before they crack it.

Home Wireless Routers
Most of us use wireless in our homes.  And hackers love to drive through neighborhoods, scanning for wireless networks they can hack.  There are a couple of ways to counter this, and both are very simple:
 
1) Disable your SSID.  Every router has one.  It's the ID that is broadcast from the router into the air, so you can find your router and connect to it, by simply clicking on it.  But you can also input the SSID manually.  Just give it a simple name that's easy to remember.  Once you disable the SSID broadcast, your router is still present, but now it is invisible; outsiders can't see it as an available network.  Most of the time, you only connect to your router the first time, then your computer does it automatically every time thereafter.  So this is a nice little security step that is minimally taxing to the user.
 
2) If you are not a fan of coming up with a name for your router, or disabling the SSID, try this:  most routers have a generic name out of the box, and it usually contains the brand name, like Linksys-something, or Netgear-something, D-Link-something, etc.  If your router is a Linksys, rename it Netgear, or D-Link, or Buffalo.  If it's a Netgear, rename it Linksys, and so on.  Hackers usually have a set of base command protocols for each brand of router.  If you change the SSID's name to a different brand, the hacker will waste a lot of time using the wrong protocols to get in.  Remember, you can't totally beat them, but you can slow them down tremendously, and that will increase the chances of them leaving yours alone.
 
3) If your router gives you the option between WEP and WPA or WPA-2 passwords, always choose WPA or WPA-2.  WEPs are the most easily hacked, as they are the most generic in design and application.  Use them ONLY if you have no other option (in which case, your router is likely older, and should be replaced). And remember, you can use the occasional ASCII character to throw off the hackers to make it that much more time consuming, which is the goal.
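
Added example (not part of the original post): the place-value sum from the ASCII section, together with what an ALT-code character becomes as bytes and whether it is usable in a WPA/WPA2 passphrase. It assumes ALT codes typed without a leading zero map to the US OEM code page 437, and the WPA-Personal rule of 8 to 63 printable ASCII characters; all function names are illustrative.

```python
# Place values of the eight bits in a byte, most significant bit first.
PLACE_VALUES = (128, 64, 32, 16, 8, 4, 2, 1)

def bits_to_code(bits: str) -> int:
    """Add the place value of every '1' in an 8-character bit string."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly eight 0/1 characters")
    return sum(v for v, b in zip(PLACE_VALUES, bits) if b == "1")

def alt_code_char(code: int) -> str:
    """Character for ALT+<code> (no leading zero), assuming code page 437."""
    if not 32 <= code <= 255:
        raise ValueError("this sketch covers codes 32-255 only")
    return bytes([code]).decode("cp437")

def encodings(text: str) -> dict:
    """Hex bytes of text in several encodings; None where it cannot be encoded."""
    out = {}
    for name in ("ascii", "cp437", "latin-1", "utf-8"):
        try:
            out[name] = text.encode(name).hex()
        except UnicodeEncodeError:
            out[name] = None
    return out

def wpa_passphrase_problems(passphrase: str) -> list:
    """Reasons a string is not a valid WPA/WPA2-Personal passphrase."""
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    bad = sorted({c for c in passphrase if not 32 <= ord(c) <= 126})
    if bad:
        problems.append("non-printable-ASCII characters: " + " ".join(bad))
    return problems

if __name__ == "__main__":
    for bits in ("01000101", "10010000"):        # the two bytes from the post
        code = bits_to_code(bits)
        ch = alt_code_char(code)
        print(bits, code, ch, encodings(ch))
    # Constructed sample passphrases, not real credentials.
    for candidate in ("Eric-home-wifi", "Éric-home-wifi"):
        print(candidate, wpa_passphrase_problems(candidate) or "ok")
```

The same "É" is byte 90 in code page 437, c9 in Latin-1 and c3 89 in UTF-8, so a password containing it can be stored or compared differently by different systems, and it falls outside the printable-ASCII range that WPA/WPA2 passphrases allow.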
 
These are simple measures (sorry about the quick binary tutorial, but I tried to keep it short and easy to understand), and everyone should be proactive in protecting their information from intruders, be it the feds, the professional hacker, or the recreational hacking 10-year-old who's at home bored while Mom and Dad are out on date night.  It's your information and your life.  Look after it.
