Today, using your last name followed by your favorite year just doesn’t always cut it.  So how does one stay safe?

Firstly, don’t use words out of the dictionary to form a password.  Rather, make your password seem like a bunch of gibberish.  Create an acronym instead, or write out complete gibberish as a password (of course, make sure you wrote down this gibberish BEFORE you attempt typing it.  THEN, take that piece of paper you wrote your new password on and HIDE IT!) If you create a password with words, it’ll be easier for any hacker or hacking program to figure out your password.

If the above is too difficult, then try making your password complex.  Use upper AND lower case letters, numbers, and if applicable, use symbols like !, #, $, or %.  The longer and more random the password, the better.

Do not use your first, middle, and/or last name as your password.  If a hacker knows your name, it’d be no sweat to get to your account.

If the website you are subscribing/signing up to requires a security question just in case you forget your password and need to “reset” it, don’t use answers and questions that everyone might know.  Also, I find that if your answers are longer, your password will be that much harder to be obtained by a hacker.

Try changing your password from time to time.  I’m not saying to do it every day, but maybe every few months or so.  I try to change my passwords every 4 to 6 months.

Don’t use the “AutoComplete” features.  When you do this, your password is stored on your computer and will leave you more vulnerable to having your information stolen.

Lastly, do NOT use the same password for every single thing.  Using the same password for everything is an easy habit to get into.  Yes, it is a lot easier to remember, but it’s much more dangerous.  If a hacker gained your password from one website, what would stop them from using the same information on another?

“I think I get it, but how can I tell my password is safe?”

If you followed the suggestions above, you should be fine – but if you would like a second opinion, check out http://www.passwordmeter.com/ aka “Password Strength Checker.”  This website offers a simple, free service that allows one to check the strength of his password.

Just visit the website, type your password in, and the webpage automatically checks the strength of your password.  Your password is never stored or saved, so not only is it a FREE service, more importantly, it is a SAFE service.

So, be sure and check out http://www.passwordmeter.com/

Stay safe!

What Do You Think?

How do you stay safe on the internet?  What methods do you use to make your password strong and safe?  Whatever you have to say, I want to hear about it!  Leave your thoughts below in the “Comments” section, or send me an e-mail at david@funkytower.com

Take it easy,
David

http://www.funkytower.com/2008/08/06/dangerous-dns-problem/

DNS is what has revolutionized and, in many ways, helped create the spectacular online environment we have today, know as the World Wide Web.  We use DNS for virtually everything, from e-mail, to myspace, to online banking, to having internet access itself.  DNS is what converts an ip address (a bunch of numbers that identify a system) to a name like www.funkytower.com, or pop.domain.com, etc.  The flaw which has been found is very scary, as it can potentially change the course of our entire life.  This flaw could allow malicious persons  to duplicate any domain name.

“How could this change the course of my entire life?” you ask?  Simply this: say you went to www.wamu.com to work on your bank account, you enter in your information, log in, and everything seems fine – but what you wouldn’t know is you were logging in to a fake website that looks exactly like www.wamu.com, and you just gave all of your bank information to a complete stranger.  Next thing you know, all your money is gone and there is no possible way to have it recovered.

What an awful fear to have to live with.  There currently is no solution for this problem either.  Many engineers and developers have come up with patches for this problem – but it doesn’t solve it.  All it does, is make the problem alot harder to access.  This is not good enough to me.

I’m on a bit of a vacation here in Oregon and I keep having this slight fear in the back of my mind “I hope no one has managed to hack into my bank account and all my money is gone” and “I hope no one gained my password to my Paypal account!”

What causes people to do such things that we even have to worry about something like this?  Sadly, the world we live in today is hardly safe.  We are already worried about identity theft without hearing much about this problem.

I cannot wait until the day when this problem finally comes to an end.

Take it easy,
David

Recently, a huge threat to DNS, the system that translates IP Addresses to unique names (and vice verce), creating URLs such as funkytower.com, has been discovered.  This threat would allow malicious users to impersonate almost any website on the Internet. 

This issue, obviously, is SERIOUS.  All nameservers need to be patched ASAP.  Updates are being released for a lot of different platforms because the problem is with with the DNS protocol, not a specific implementation.

The US-CERT (United States Computer Emergency Response Team) wants help in getting the word out about this problem, which was made public in July, 2008.

So, my efforts are to show you a link from the US-CERT Website containing the alert itself to help inform you on the details.  So be sure to read it!

You may read it in its entirety here: http://www.kb.cert.org/vuls/id/800113

Here you can find all of the details about the problem, including a list of systems that have been effected, many of which are companies we know and love who provied us with internet access, phones and phone services, and computers.  Microsoft, AT&T, and Apple are just a few.  These companies are taking measures to fix their DNS, however this is effecting some of our own experiences on the internet, and not in a positive way.  However, these problems are coming and gong so fast, it hardly comes to the attention to the average person that there might even be anything wrong.

The US-CERT has already done this, but I would personally like to thank Dan Kaminsky of IOActive for finding and revealing this dangerous flaw.  I would also like to thank Dan Kaminsky, the US-CERT, IOActive, and the people getting the word out about this problem for helping make the World Wide Web a safe, secure, and enjoyable place, and literally keeping it alive.