1.) Strong passwords actually work
According to Facebook’s Chief Security Officer Alex Stamos, the majority of malicious attacks can be subverted using a strong password. Stamos claims that the media coverage often encompasses the most extreme incidents of hacking, leaving users feeling like they’re completely vulnerable, when in fact much can be prevented through two simple steps. First, using a password manager to generate a unique password for every service one uses, and secondly, activating two-step authentication on their email and social networking accounts to receive a text messages with extra code to input when logging on.
2.) New devices are not necessary safe devices
Zero day exploits occur when hackers discover and exploit holes in a vendor’s software before the vendor is even aware of their existence. Recall that earlier this year, it was discovered that Lenovo laptops were shipping with the adware Superfish pre-installed, that allowed it to perform a man-in-the-middle attacks by injecting fake ads into users’ web traffic that then diverting them to fake websites.
3.) Even top-notch software may contain security flaws
It’s easy to fall into complacency by assuming that major software such as the Windows OS must be absolutely secure simply because it’s a multi-billion dollar company, but in fact it was programmed by humans with their limited human capacity. As such, it has bugs – why else would you be receiving all those monthly security update prompts?
4.) Be weary of websites that use “HTTP” instead of “HTTPS”
Many web operators assume that because their sites do no process payment or other sensitive details, that they must not need HTTPS. This is completely wrong; without HTTPS, it’s easy for third parties (such as hackers and nosy government agencies) to monitor your web traffic on the non-HTTPS sites because it is unencrypted. HTTPS ensures that only your browser and the server can decrypt the traffic.
One solution is to install the extension “HTTPS Everywhere ” on Chrome, Opera, Firefox, and your Android device. The extension rewrites requests to these sites to go through HTTPS. Get it here .
5.) The cloud is vulnerable
As with most things, cloud storage has its tradeoffs. Unlike owning and managing your own private server, cloud storage is run by an entire team responsible for upholding that particular cloud’s security, thus automating the maintenance aspect for its customers. Given its size and capital, cloud services have many more tools at their disposal, with pattern recognition algorithms in place to detect malicious attacks. Ironically, this massive amount of data also makes it easier to hide attacks very high level attacks, so one must ultimately consider who is most likely to hack them and why. In some instances, one approach makes more sense than the other. For example, if you’re harboring a business secret that you’d rather not share with the NSA, then considering running a personal server. Alternatively, if you’re an ordinary citizen and seek a level of security outside of your expertise, then cloud storage is an option.
6.) Software updates are paramount
Remember that Android hack capable of infecting up to 950 million phones through text message? Well, immediate security patches have been dispatched to rectify the issue, but unless you download them, you’ll remain vulnerable.
7.) Cyberattacks are extremely rare and not all hackers are criminals
Unless you’re a public figure or a very important person (which most of you aren’t), the biggest threat you’re most likely to encounter is someone stealing accounts because of poor password protections, or your credit card because you’ve inputted it on a non-HTTPS site.
The term “hacker” is insubstantial on its own as it does not define a person’s morality and motivation. “Hackers” are people who find identify loopholes and break into systems; those who report their findings in an effort to get the vulnerabilities patched are called “white hat” hackers, while those who uses these vulnerabilities to hurt or exploit people and organizations are called “black hats.”
8.) The Darknet and Deepweb are two different things
Often used interchangeably, these two terms are in fact completely different things. The Darknet refers to websites hosted outside the realm of “www” that require special software to access such as Tor. An obvious example that comes to my mind is the former Silk Road online drug market. Conversely, the Deepweb is simply non-indexed Internet content that does not appear on search engines because it is inaccessible to them because of its non-indexed nature.
Source: Gizmodo
Advertisement
Learn more about Electronic Products Magazine
